Allow using GITHUB_TOKEN downstream #89

Merged
merged 1 commit into from
Feb 14, 2025

@award999 award999 commented Feb 5, 2025

Looking at https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs#github-context the github.token is only available within the steps of the common workflow, but the jobs extending it do not have access. The vscode-swift extension publishes a build of the extension in a separate job, and we want to be able to download it within the common workflow so we can test what actually might be released.

@award999 award999 requested a review from a team as a code owner February 5, 2025 13:20
award999 commented Feb 5, 2025

@shahmishal I've tested this on my fork of vscode-swift https://github.com/award999/vscode-swift/actions/runs/13144430476. It does allow us to download the artifact for the sake of testing the extension we may ship.

https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#permissions-for-the-github_token outlines the default permissions.

Looking at https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs#github-context
the `github.token` is only available within the `steps` of the common
workflow, but the jobs extending it do not have access. The vscode-swift
extension publishes a build of the extension in a separate job, and we
want to be able to download it within the common workflow so we can test
what actually might be released.
Comment on lines +87 to +90
- name: Provide token
if: ${{ inputs.needs_token }}
run: |
echo "GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_ENV
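
Review bot: The `run:` line of the "Provide token" step writes the token to `$GITHUB_ENV`, which exports `GITHUB_TOKEN` to every later step in the job rather than only to the step that downloads the artifact, so any script or action that runs afterwards can read it. Consider passing it through `env:` on the step that actually needs it, or at least document on the `needs_token` input that enabling it exposes the token to all subsequent steps and that callers should keep the job's `permissions:` to the minimum the download requires. Separately, `${{ secrets.GITHUB_TOKEN }}` is expanded into the script text before the shell runs and `$GITHUB_ENV` is unquoted; supplying the value via the step's `env:` and appending to `"$GITHUB_ENV"` avoids both.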

I wonder if something like this at call sites would do what you want:

    uses: path/to/my/ci-file
+   secrets: inherit

Contributor Author

That didn't work unfortunately. secrets.GITHUB_TOKEN was empty

Contributor Author

Actually it wasn't the fact it was empty, secrets.GITHUB_TOKEN causes an error
Screenshot 2025-02-05 at 9 45 40 AM

and then github.secrets.GITHUB_TOKEN doesn't cause an error but is empty. And yes secrets is set to inherit

@shahmishal shahmishal merged commit de01c02 into swiftlang:main Feb 14, 2025
24 checks passed