Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Workflows: Token generation as a step rather than a job #32868

Merged
merged 1 commit into from
Aug 4, 2023
Merged

Workflows: Token generation as a step rather than a job #32868

merged 1 commit into from
Aug 4, 2023

Conversation

justinretzolk
Copy link
Member

Description

While #32849 correctly moved authentication to a GitHub App generated token, it did not take into account another caveat to Actions: job outputs that contain sensitive data are dropped and not emitted by runners. This PR moves token generation to a step within the jobs that need it to overcome this.

Relations

Relates #32849

References

Job outputs containing expressions are evaluated on the runner at the end of each job. Outputs containing secrets are redacted on the runner and not sent to GitHub Actions.

Output from Acceptance Testing

N/a, Actions

@github-actions
Copy link

github-actions bot commented Aug 4, 2023

Community Note

Voting for Prioritization

  • Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

  • Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
  • For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
  • Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

@github-actions github-actions bot added repository Repository modifications; GitHub Actions, developer docs, issue templates, codeowners, changelog. github_actions Pull requests that update Github_actions code size/M Managed by automation to categorize the size of a PR. and removed repository Repository modifications; GitHub Actions, developer docs, issue templates, codeowners, changelog. github_actions Pull requests that update Github_actions code labels Aug 4, 2023
@justinretzolk justinretzolk merged commit c6ccb75 into main Aug 4, 2023
21 of 23 checks passed
@justinretzolk justinretzolk deleted the m-app-token-fix branch August 4, 2023 16:29
@github-actions github-actions bot added this to the v5.12.0 milestone Aug 4, 2023
@github-actions
Copy link

This functionality has been released in v5.12.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 10, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@breathingdust breathingdust breathingdust approved these changes

Assignees
No one assigned
Labels
size/M Managed by automation to categorize the size of a PR.
Projects
None yet
Milestone
v5.12.0
Development

Successfully merging this pull request may close these issues.
2 participants
@justinretzolk @breathingdust