Allow to Use Custom Git Actor for Bundled JS Output #14
Conversation
DavideIadeluca
force-pushed
the
di/custom-actor
branch
from
6f5144b to
aecdf7e
Compare
DavideIadeluca
force-pushed
the
di/custom-actor
branch
from
204feff to
8f06c53
Compare
| const token = core.getInput('github_token', { required: true, trimWhitespace: true }); | ||
|
|
||
| debugLog(`** Pushing commit`); | ||
|
|
||
| await git.addRemote('upstream', `https://${process.env.GITHUB_ACTOR}:${token}@github.com/${process.env.GITHUB_REPOSITORY}.git`); | ||
| await git.addRemote('upstream', `https://github-actions:${process.env.GITHUB_TOKEN}@github.com/${process.env.GITHUB_REPOSITORY}.git`); |
There was a problem hiding this comment.
is this changed because the github token parameter is no longer necessary?
There was a problem hiding this comment.
The token is still necessary, but it is fetched in another way. If a workflow provides a custom git_actor_token, then that token will be used instead of the default GITHUB_TOKEN.
REUSABLE_frontend.yml:
steps:
- name: Check out code
uses: actions/checkout@v4
with:
token: ${{ secrets.git_actor_token != '' && secrets.git_actor_token || secrets.GITHUB_TOKEN }}There was a problem hiding this comment.
sorry I don't get it. there is no git_actor_token for this action build though, it seems like the github_token parameter is no longer used after this PR, but is still documented. Though I still can't tell if it's no longer necessary here because the new upstream link doesn't require passing a token from the origin repo:
https://${process.env.GITHUB_ACTOR}:${token}@github.com/${process.env.GITHUB_REPOSITORY}.git
vs
https://github-actions:${process.env.GITHUB_TOKEN}@github.com/${process.env.GITHUB_REPOSITORY}.git
There was a problem hiding this comment.
The github_token will continue to be used after this PR.
Let's say an extension provides the new git_actor_token secret to the REUSABLE_frontend.yml workflow of core. At https://github.com/flarum/framework/pull/4099/files#diff-8f0cab030414f9e64c7444c9011370f3435c52893686c91babdb72810568b0dcR136-R137 we are checking if that token is provided or not. If yes, the GITHUB_TOKEN will be reassigned with the value of the token provided by the extension. If not, the default GITHUB_TOKEN will be used.
About the upstream link; If I recall correctly, It didn't actually make a difference if I used ${process.env.GITHUB_ACTOR} or github-actions: for the upstream link during testing. Using github-actions: felt cleaner to me.
Does that make sense?
There was a problem hiding this comment.
@DavideIadeluca sorry but you keep linking to the part of the workflow about actions/checkout, but this is about actions/build
- we are still passing the same github_token, even though the changes here remove that parameter
- github_token is still documented in this repository as a usable parameter, but the line the comments are directed at, remove its usage.
I am still confused whether github_token the parameter for this action flarum/action-build@v4 which is this repository (not actions/checkout@v4) is still needed/can be completely removed, or why the removal is done.
I understand everything else about the git actor, just the github_token parameter is still confusing to me. As this PR leaves it in a state of documented and supplied by the fremework but not actually used by the action itself
I may be forgetting something, what's the relation between the token passed to the checkout action and this build action?
steps:
- name: Check out code
uses: actions/checkout@v4
with:
token: ${{ secrets.git_actor_token != '' && secrets.git_actor_token || secrets.GITHUB_TOKEN }}
...
- name: JS Checks & Production Build
uses: flarum/action-build@v4
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
Counterpart to flarum/framework#4078 and flarum/framework#4099
Fixes #0000
Please see the description in flarum/framework#4078 for why this PR was opened.
Changes proposed in this pull request:
Reviewers should focus on:
Screenshot
QA
Necessity
Confirmed
composer test).Required changes: