Switch to using an app token instead of a PAT #362
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jeffwidman
force-pushed
the
add-workflow-for-floating-v1-tag-to-latest-release
branch
2 times, most recently
from
160adf6 to
0b20093
Compare
jeffwidman
force-pushed
the
switch-to-using-app-token-instead-of-pat
branch
from
8fda4b7 to
ee69a31
Compare
jeffwidman
force-pushed
the
add-workflow-for-floating-v1-tag-to-latest-release
branch
from
0b20093 to
06f85fe
Compare
jeffwidman
force-pushed
the
switch-to-using-app-token-instead-of-pat
branch
from
ee69a31 to
342e90c
Compare
Base automatically changed from
add-workflow-for-floating-v1-tag-to-latest-release
to
main
May 19, 2023 15:37
jeffwidman
force-pushed
the
switch-to-using-app-token-instead-of-pat
branch
from
342e90c to
063cb84
Compare
|
Note to myself: Some of these workflows use actions secrets, some require Dependabot secrets... so need to ensure it's setup in both Actions secrets and Dependabot secrets. |
jeffwidman
force-pushed
the
switch-to-using-app-token-instead-of-pat
branch
from
063cb84 to
c04a4e2
Compare
jurre
approved these changes
May 22, 2023
The app token will persist even as users come/go from theteam. It also allows us more finegrained access controls from the app settings page if we need to suddenly lockdown something, we don't have to rely on the person who created the PAT.
jeffwidman
force-pushed
the
switch-to-using-app-token-instead-of-pat
branch
from
c04a4e2 to
ab5068b
Compare
|
I set these secrets in both Actions and Dependabot secrets. Once I merge, I'll delete the PAT secret as it'll no longer be used. |
|
Confirmed working in #382 (comment) 🎉 |
ilkka
referenced
this pull request
in ilkka/nisse
Sep 20, 2023
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | action | minor | `v1.3.1` -> `v1.6.0` | --- ### Release Notes <details> <summary>dependabot/fetch-metadata (dependabot/fetch-metadata)</summary> ### [`v1.6.0`](https://github.com/dependabot/fetch-metadata/releases/tag/v1.6.0) [Compare Source](https://github.com/dependabot/fetch-metadata/compare/v1.5.1...v1.6.0) #### What's Changed - Add `.vscode` folder to `.gitignore` by [@​timothy-humphrey](https://github.com/timothy-humphrey) in [https://github.com/dependabot/fetch-metadata/pull/385](https://github.com/dependabot/fetch-metadata/pull/385) - Support for Grouped Updates by [@​Nishnha](https://github.com/Nishnha) in [https://github.com/dependabot/fetch-metadata/pull/396](https://github.com/dependabot/fetch-metadata/pull/396) - v1.6.0 by [@​fetch-metadata-action-automation](https://github.com/fetch-metadata-action-automation) in [https://github.com/dependabot/fetch-metadata/pull/403](https://github.com/dependabot/fetch-metadata/pull/403) #### New Contributors - [@​timothy-humphrey](https://github.com/timothy-humphrey) made their first contribution in [https://github.com/dependabot/fetch-metadata/pull/385](https://github.com/dependabot/fetch-metadata/pull/385) **Full Changelog**: dependabot/fetch-metadata@v1...v1.6.0 ### [`v1.5.1`](https://github.com/dependabot/fetch-metadata/releases/tag/v1.5.1) [Compare Source](https://github.com/dependabot/fetch-metadata/compare/v1.5.0...v1.5.1) #### What's Changed Bugfix: - Fix library parser to trim trailing LF by [@​kachick](https://github.com/kachick) in [https://github.com/dependabot/fetch-metadata/pull/380](https://github.com/dependabot/fetch-metadata/pull/380) Dep bumps that are trivial so decided to keep this a patch release: - Bump yargs from 17.7.1 to 17.7.2 by [@​dependabot](https://github.com/dependabot) in [https://github.com/dependabot/fetch-metadata/pull/379](https://github.com/dependabot/fetch-metadata/pull/379) - Bump [@​types/node](https://github.com/types/node) from 20.2.1 to 20.2.3 by [@​dependabot](https://github.com/dependabot) in [https://github.com/dependabot/fetch-metadata/pull/382](https://github.com/dependabot/fetch-metadata/pull/382) Internal-facing infra changes: - Group
](https://renovatebot.com){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The app token will persist even as users come/go from the
team.
It also allows us more finegrained access controls from the app settings page if we need to suddenly lockdown something, we don't have to rely on the person who created the PAT.