
Commit e21c9fb

authored
Switch to the official action for managing app tokens (#504)
Improve security by switching to the official GitHub action for managing app tokens. More details: tibdex/github-app-token#99 (comment).

The `repositories` key is safe to remove because, per the [docs](https://github.com/actions/create-github-app-token?tab=readme-ov-file#repositories):

> If owner and repositories are empty, access will be scoped to only the current repository.
1 parent 3e1bcb9 commit e21c9fb


4 files changed

+12
-16
lines changed


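--- a/.github/workflows/dependabot-auto-merge.yml
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -9,11 +9,10 @@ jobs:
 steps:
 - name: Generate token
 id: generate_token
-uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
 with:
-app_id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
-private_key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}
-repositories: "dependabot/fetch-metadata"
+app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
+private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}
 
 - name: Check out code
 uses: actions/checkout@v4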
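Review bot: The `with:` block of the `Generate token` step no longer states which repositories the token covers, and nothing in the workflow records that the omission is deliberate. The commit message explains that empty `owner` and `repositories` inputs scope the token to the current repository only, but a later maintainer reading the file will not see that reasoning. I would add `# owner/repositories omitted on purpose: token is limited to this repository` above `app-id:`. The same comment applies to the identical step in dependabot-build.yml, release-bump-version.yml and release-move-tracking-tag.yml. The job continues outside the hunk.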

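--- a/.github/workflows/dependabot-build.yml
+++ b/.github/workflows/dependabot-build.yml
@@ -33,11 +33,10 @@ jobs:
 steps:
 - name: Generate token
 id: generate_token
-uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
 with:
-app_id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
-private_key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}
-repositories: "dependabot/fetch-metadata"
+app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
+private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}
 
 - uses: actions/checkout@v4
 with: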
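Review bot: `actions/checkout@v4`, which runs right after the token step, is referenced by a mutable tag, while the step above it is pinned to a full commit SHA with a version comment. In a job that mints an app installation token, every action that runs afterwards should meet the same pinning standard, e.g. `uses: actions/checkout@<full-commit-sha> # v4` (placeholder; resolve the SHA from the release you intend to use). The checkout step's `with:` block continues outside the hunk; if it passes the generated token, decide explicitly whether to set `persist-credentials: false`, since checkout otherwise leaves the token in the local git config for later steps. The same tag reference appears in the other three workflow files.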

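--- a/.github/workflows/release-bump-version.yml
+++ b/.github/workflows/release-bump-version.yml
@@ -20,11 +20,10 @@ jobs:
 steps:
 - name: Generate token
 id: generate_token
-uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
 with:
-app_id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
-private_key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}
-repositories: "dependabot/fetch-metadata"
+app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
+private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}
 
 - uses: actions/checkout@v4
 with: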
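Review bot: The `Generate token` step requests a token without narrowing its permissions, so it presumably carries everything the app installation is granted on this repository. For a release workflow it would help to record what the job actually needs, at least as a comment above the step such as `# token needs: <permissions used by this job>` (placeholder; the real set has to be confirmed against the steps outside this hunk). Later releases of the action document `permission-<name>` inputs for restricting the token; whether the pinned v1.9.0 accepts them is not visible here. release-move-tracking-tag.yml has the same step.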

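--- a/.github/workflows/release-move-tracking-tag.yml
+++ b/.github/workflows/release-move-tracking-tag.yml
@@ -30,11 +30,10 @@ jobs:
 steps:
 - name: Generate token
 id: generate_token
-uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
 with:
-app_id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
-private_key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}
-repositories: "dependabot/fetch-metadata"
+app-id: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_APP_ID }}
+private-key: ${{ secrets.FETCH_METADATA_ACTION_AUTOMATION_PRIVATE_KEY }}
 
 - uses: actions/checkout@v4
 with: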
