chore(deps): update aquaproj/update-checksum-action action to v0.2.4 #63

Open
wants to merge 1 commit into
base: main

renovate[bot]
Contributor

@renovate renovate bot commented Sep 26, 2024

This PR contains the following updates:

Package | Type | Update | Change
aquaproj/update-checksum-action | action | patch | v0.2.3 -> v0.2.4

Release Notes

aquaproj/update-checksum-action (aquaproj/update-checksum-action)

v0.2.4

Compare Source

Issues | Pull Requests | aquaproj/update-checksum-action@v0.2.3...v0.2.4

Features

#79 Add read_checksum_token input to allow custom token for aqua update-checksum @iwata

This action didn't have any input to pass GitHub Access Tokens, so you needed to pass a GitHub Access Token via environment variable GITHUB_TOKEN.

e.g.

        env:
          # To trigger GitHub Actions Workflow by pushing a commit, GitHub App token is required.
          # github.token doesn't trigger GitHub Actions Workflow.
          # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
          # > When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run.
          GITHUB_TOKEN: ${{steps.generate_token.outputs.token}}

      - uses: aquaproj/update-checksum-action@0fef5fa12e81e046bb29078f76b99bb29fa4e696 # v0.2.3
        env:
          GITHUB_TOKEN: ${{steps.generate_token.outputs.token}}

But this action uses a GitHub access token for two purposes.

  1. aqua update-checksum: It may access private registries and packages. contents: read
  2. push a commit by ghcp: It may access a private repository contents: write

These two purposes require different permissions and scopes.
Especially, contents:write for private registries and packages is undesirable.

As of v0.2.4, you can pass a GitHub access token for aqua update-checksum via the input read_checksum_token.
So, you can pass two different access tokens.

e.g.

      - uses: aquaproj/update-checksum-action@0fef5fa12e81e046bb29078f76b99bb29fa4e696 # v0.2.3
        with:
          read_checksum_token: ${{steps.generate_token.outputs.token}} # Token for `aqua update-checksum`
        env:
          GITHUB_TOKEN: ${{ github.token }} # Token for pushing a commit

read_checksum_token is optional. By default, AQUA_GITHUB_TOKEN or GITHUB_TOKEN is used.


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot enabled auto-merge (rebase) September 26, 2024 01:32
auto-merge was automatically disabled September 26, 2024 01:32

Base branch requires signed commits
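
A check for the token wiring the release notes describe, written as an added example (not code from this PR, Renovate or aquaproj): it flags steps that hand one custom token to both aqua update-checksum and the commit push. The function names and the sample workflow are constructed for illustration, `<pinned-sha>` is a placeholder, and the parsing is a line-based heuristic that only looks at keys set on the step itself.

```python
import re
from itertools import takewhile

ACTION = "aquaproj/update-checksum-action@"
# Expressions that resolve to the workflow's built-in token.
BUILTIN = re.compile(r"\$\{\{\s*(github\.token|secrets\.GITHUB_TOKEN)\s*\}\}")

# Constructed sample; <pinned-sha> is a placeholder, not a real commit.
SAMPLE = """\
      - uses: aquaproj/update-checksum-action@<pinned-sha> # one token, both purposes
        env:
          GITHUB_TOKEN: ${{steps.generate_token.outputs.token}}
      - uses: aquaproj/update-checksum-action@<pinned-sha> # read and push split
        with:
          read_checksum_token: ${{steps.generate_token.outputs.token}}
        env:
          GITHUB_TOKEN: ${{ github.token }}
"""

def step_blocks(text):
    """Yield each `- key:` list item as lines, comments dropped (heuristic, not a YAML parser)."""
    text = re.sub(r"(?m)(^|[ \t]+)#.*$", "", text)
    for chunk in re.split(r"(?m)^(?=[ \t]*-[ \t]+[\w-]+:)", text)[1:]:
        first, *rest = chunk.splitlines()
        indent = len(first) - len(first.lstrip())
        # Keep only blank lines and lines nested deeper than this item's dash.
        nested = lambda l: not l.strip() or len(l) - len(l.lstrip()) > indent
        yield [first, *takewhile(nested, rest)]

def value_of(block, key):
    """Return the scalar written after `key:` in a step block, or None."""
    pat = re.compile(rf"\s*(?:-\s+)?{re.escape(key)}:\s*(\S.*?)\s*$")
    return next((m.group(1) for m in map(pat.match, block) if m), None)

def audit(text):
    """Classify each update-checksum-action step by how its tokens are wired."""
    verdicts = []
    for block in step_blocks(text):
        if not (value_of(block, "uses") or "").startswith(ACTION):
            continue
        push = value_of(block, "GITHUB_TOKEN")
        if value_of(block, "read_checksum_token"):
            verdicts.append("split")    # dedicated token for aqua update-checksum
        elif push and not BUILTIN.fullmatch(push):
            verdicts.append("shared")   # one custom token reads registries and pushes
        else:
            verdicts.append("builtin")  # no custom token set on the step
    return verdicts
```

`audit(SAMPLE)` returns `["shared", "split"]`; a `shared` verdict marks a step where the token that reads private registries also carries the write permission used for the push.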
