Skip to content

chore: modify _update-self-references workflow to use a PAT #54

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
May 30, 2025
Merged

chore: modify _update-self-references workflow to use a PAT #54

merged 4 commits into from
May 30, 2025

Conversation

@FidelusAleksander
Copy link
Contributor

@FidelusAleksander FidelusAleksander commented May 30, 2025

Changes

Built in secrets.GITHUB_TOKEN does not have permissions to commit to .github/workflows directory even with contents: write permission.
The permission workflows: write is needed, which can't be granted through the permission block. See peter-evans/create-pull-request#3558

Pull request configuration updates:

Checklist

  • I have added or updated appropriate labels to this PR
  • I have tested my changes
  • I have updated the documentation if needed

Copilot AI review requested due to automatic review settings May 30, 2025 13:57
@github-actions github-actions bot added the maintenance Maintenance work on the repository label May 30, 2025
Copilot AI reviewed May 30, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR switches the self-references update workflow to use a Personal Access Token for committing changes to workflow files and cleans up reviewer/label settings.

  • Adds explanatory comments about using EXERCISE_TOOLKIT_TOKEN PAT
  • Updates the Create Pull Request step to use the PAT instead of GITHUB_TOKEN
  • Removes the reviewers field and the maintenance label
Comments suppressed due to low confidence (2)

.github/workflows/_update-self-references.yml:43

  • [nitpick] The secret name EXERCISE_TOOLKIT_TOKEN could be made more self-documenting by including PAT (e.g. EXERCISE_TOOLKIT_PAT) to clearly indicate it holds a Personal Access Token.
token: ${{ secrets.EXERCISE_TOOLKIT_TOKEN }}

.github/workflows/_update-self-references.yml:5

  • To follow least-privilege principles, add an explicit permissions block at the top (e.g., permissions: contents: write, workflows: write) so the workflow doesn’t grant more permissions than necessary.
name: Update Self-References

@FidelusAleksander FidelusAleksander merged commit dd3788a into main May 30, 2025
6 checks passed
@FidelusAleksander FidelusAleksander deleted the fix-update-refs-workflow branch May 30, 2025 14:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

maintenance Maintenance work on the repository

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@FidelusAleksander