Skip to content

[WIP] Test default token in cleanup-old-packages wrkflw #1535

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

[WIP] Test default token in cleanup-old-packages wrkflw #1535

wants to merge 2 commits into from

Conversation

@ivanzati
Copy link
Contributor

@ivanzati ivanzati commented Nov 21, 2025

πŸ“ Description

Test default token to delete package version workflow

✨ Type of Change

Select the type of change your PR introduces:

  • [x ] 🐞 Bug fix – Non-breaking change which fixes an issue
  • πŸš€ New feature – Non-breaking change which adds functionality
  • πŸ”¨ Refactor – Non-breaking change which refactors the code base
  • πŸ’₯ Breaking change – Changes that break existing functionality
  • πŸ“š Documentation update
  • πŸ”’ Security update
  • πŸ§ͺ Tests

πŸ§ͺ Testing Scenarios

Describe how the changes were tested and how reviewers can test them too:

  • βœ… Tested manually
  • πŸ€– Run automated end-to-end tests

βœ… Checklist

Before submitting the PR, ensure the following:

  • πŸ” PR title is clear and meaningful
  • ✍️ PR description clearly explains the changes and their reason
  • πŸ“ I have linked the PR to the corresponding GitHub Issues, if any
  • πŸ’¬ I have commented my code, especially in hard-to-understand areas
  • πŸ“„ I have made corresponding changes to the documentation
  • βœ… I have added tests that prove my fix is effective or my feature works

@ivanzati ivanzati requested a review from kamillipka as a code owner November 21, 2025 10:31
Copilot AI review requested due to automatic review settings November 21, 2025 10:31
Copilot AI reviewed Nov 21, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR modifies the cleanup-old-packages workflow to use the default GITHUB_TOKEN instead of a custom GHCR_CLEANUP_TOKEN secret for package deletion operations. This change is being tested to verify if the default token has sufficient permissions for GitHub Container Registry cleanup tasks.

Key Changes:

  • Replaced GHCR_CLEANUP_TOKEN with GITHUB_TOKEN across all cleanup operations
  • Added error handling with continue-on-error: true to prevent workflow failures during testing

πŸ’‘ Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.github/workflows/cleanup-old-packages.yml
- name: Cleanup old packages
if: ${{ github.event.inputs.dry_run != 'true' && steps.prepare-versions.outputs.package_version_ids != '' }}
uses: actions/delete-package-versions@e5bc658cc4c965c472efe991f8beea3981499c55 # v5.0.0
continue-on-error: true
Copy link

Copilot AI Nov 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding continue-on-error: true masks failures during testing. While this might be intentional for the WIP phase, ensure this is removed before merging to production. Silent failures in cleanup operations could lead to package retention issues going unnoticed.

Copilot uses AI. Check for mistakes.
.github/workflows/cleanup-old-packages.yml
- name: Cleanup untagged packages
if: ${{ github.event.inputs.dry_run != 'true' }}
uses: actions/delete-package-versions@e5bc658cc4c965c472efe991f8beea3981499c55 # v5.0.0
continue-on-error: true
Copy link

Copilot AI Nov 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding continue-on-error: true masks failures during testing. While this might be intentional for the WIP phase, ensure this is removed before merging to production. Silent failures in cleanup operations could lead to package retention issues going unnoticed.

Suggested change
continue-on-error: true

Copilot uses AI. Check for mistakes.
.github/workflows/cleanup-old-packages.yml
MIN_VERSIONS_TO_KEEP: ${{ github.event.inputs.min_versions_to_keep }}
PACKAGE_NAME: ${{ github.event.inputs.package_name }}
GH_TOKEN: ${{ secrets.GHCR_CLEANUP_TOKEN }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Copy link

Copilot AI Nov 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The default GITHUB_TOKEN has limited permissions by default. Verify that the workflow has the packages: write permission granted in the workflow permissions section to successfully delete package versions. Without explicit permission grants, this token may lack sufficient privileges for package deletion operations.

Suggested change
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_TOKEN: ${{ github.token }}

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@kamillipka kamillipka Awaiting requested review from kamillipka kamillipka is a code owner

@mramotowski mramotowski Awaiting requested review from mramotowski mramotowski is a code owner

@AlexanderBarabanov AlexanderBarabanov Awaiting requested review from AlexanderBarabanov AlexanderBarabanov is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ivanzati