Skip to content

Commit 083324d

Browse files
ariansviariansvi
committed
Refactor CI workflow to use AUTHZCACHE_TO_COMMON secret
Replaces the GitHub App token generation and usage with the AUTHZCACHE_TO_COMMON secret for repository access and GITHUB_TOKEN environment variable. Removes debug and token creation steps for a simpler and more direct workflow.
1 parent 3831cf5 commit 083324d

File tree

1 file changed

+16
-59
lines changed

1 file changed

+16
-59
lines changed

.github/workflows/ci.yml

Lines changed: 16 additions & 59 deletions
Original file line numberDiff line numberDiff line change
@@ -14,40 +14,17 @@ jobs:
1414
steps:
1515
- name: Checkout code
1616
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
17-
- name: Debug secrets
18-
run: |
19-
echo "APP_ID length: ${#APP_ID}"
20-
echo "APP_PEM length: ${#APP_PEM}"
21-
if [[ -z "$APP_ID" ]]; then
22-
echo "❌ APP_ID is empty or not set"
23-
exit 1
24-
else
25-
echo "✅ APP_ID is set"
26-
fi
27-
if [[ -z "$APP_PEM" ]]; then
28-
echo "❌ APP_PEM is empty or not set"
29-
exit 1
30-
else
31-
echo "✅ APP_PEM is set"
32-
fi
33-
env:
34-
APP_ID: ${{ secrets.APP_ID }}
35-
APP_PEM: ${{ secrets.APP_PEM }}
36-
- name: Generate GitHub App Token
37-
id: github_app_token
38-
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
39-
with:
40-
app-id: ${{ secrets.APP_ID }}
41-
private-key: ${{ secrets.APP_PEM }}
17+
18+
4219
- name: Checkout common scripts
4320
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
4421
with:
4522
repository: descope/common
46-
token: ${{ steps.github_app_token.outputs.token }}
23+
token: ${{ secrets.AUTHZCACHE_TO_COMMON }}
4724
path: vendor/github.com/descope/common
4825
- name: Build
4926
env:
50-
GITHUB_TOKEN: ${{ steps.github_app_token.outputs.token }}
27+
GITHUB_TOKEN: ${{ secrets.AUTHZCACHE_TO_COMMON }}
5128
GO_VERSION: ${{ env.GO_VERSION }}
5229
APP_PEM: ${{ secrets.APP_PEM }}
5330
APP_ID: ${{ secrets.APP_ID }}
@@ -62,21 +39,16 @@ jobs:
6239
steps:
6340
- name: Checkout code
6441
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
65-
- name: Generate GitHub App Token
66-
id: github_app_token
67-
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
68-
with:
69-
app-id: ${{ secrets.APP_ID }}
70-
private-key: ${{ secrets.APP_PEM }}
42+
7143
- name: Checkout common scripts
7244
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
7345
with:
7446
repository: descope/common
75-
token: ${{ steps.github_app_token.outputs.token }}
47+
token: ${{ secrets.AUTHZCACHE_TO_COMMON }}
7648
path: vendor/github.com/descope/common
7749
- name: Lint and more checks
7850
env:
79-
GITHUB_TOKEN: ${{ steps.github_app_token.outputs.token }}
51+
GITHUB_TOKEN: ${{ secrets.AUTHZCACHE_TO_COMMON }}
8052
GO_VERSION: ${{ env.GO_VERSION }}
8153
APP_PEM: ${{ secrets.APP_PEM }}
8254
APP_ID: ${{ secrets.APP_ID }}
@@ -91,22 +63,17 @@ jobs:
9163
steps:
9264
- name: Checkout code
9365
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
94-
- name: Generate GitHub App Token
95-
id: github_app_token
96-
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
97-
with:
98-
app-id: ${{ secrets.APP_ID }}
99-
private-key: ${{ secrets.APP_PEM }}
66+
10067
- name: Checkout common scripts
10168
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
10269
with:
10370
repository: descope/common
104-
token: ${{ steps.github_app_token.outputs.token }}
71+
token: ${{ secrets.AUTHZCACHE_TO_COMMON }}
10572
path: vendor/github.com/descope/common
10673
- name: Run Tests
10774
env:
10875
DATABASE_PASSWORD: ${{ env.DATABASE_PASSWORD }}
109-
GITHUB_TOKEN: ${{ steps.github_app_token.outputs.token }}
76+
GITHUB_TOKEN: ${{ secrets.AUTHZCACHE_TO_COMMON }}
11077
GO_VERSION: ${{ env.GO_VERSION }}
11178
APP_PEM: ${{ secrets.APP_PEM }}
11279
APP_ID: ${{ secrets.APP_ID }}
@@ -122,21 +89,16 @@ jobs:
12289
steps:
12390
- name: Checkout code
12491
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
125-
- name: Generate GitHub App Token
126-
id: github_app_token
127-
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
128-
with:
129-
app-id: ${{ secrets.APP_ID }}
130-
private-key: ${{ secrets.APP_PEM }}
92+
13193
- name: Checkout common scripts
13294
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
13395
with:
13496
repository: descope/common
135-
token: ${{ steps.github_app_token.outputs.token }}
97+
token: ${{ secrets.AUTHZCACHE_TO_COMMON }}
13698
path: vendor/github.com/descope/common
13799
- name: Run Security checks
138100
env:
139-
GITHUB_TOKEN: ${{ steps.github_app_token.outputs.token }}
101+
GITHUB_TOKEN: ${{ secrets.AUTHZCACHE_TO_COMMON }}
140102
GO_VERSION: ${{ env.GO_VERSION }}
141103
APP_PEM: ${{ secrets.APP_PEM }}
142104
APP_ID: ${{ secrets.APP_ID }}
@@ -158,21 +120,16 @@ jobs:
158120
- name: Checkout code
159121
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
160122

161-
- name: Generate GitHub App Token
162-
id: github_app_token
163-
uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
164-
with:
165-
app-id: ${{ secrets.APP_ID }}
166-
private-key: ${{ secrets.APP_PEM }}
123+
167124
- name: Checkout common scripts
168125
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
169126
with:
170127
repository: descope/common
171-
token: ${{ steps.github_app_token.outputs.token }}
128+
token: ${{ secrets.AUTHZCACHE_TO_COMMON }}
172129
path: vendor/github.com/descope/common
173130
- name: Pack and Upload
174131
env:
175-
GITHUB_TOKEN: ${{ steps.github_app_token.outputs.token }}
132+
GITHUB_TOKEN: ${{ secrets.AUTHZCACHE_TO_COMMON }}
176133
GO_VERSION: ${{ env.GO_VERSION }}
177134
APP_PEM: ${{ secrets.APP_PEM }}
178135
APP_ID: ${{ secrets.APP_ID }}

0 commit comments

Comments
 (0)