[CI] Use ephemeral token for git push commands (#1991)

elastic · Jul 30, 2024 · 70ce2ee · 70ce2ee
1 parent 021af2e
commit 70ce2ee
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/.buildkite/hooks/pre-command b/.buildkite/hooks/pre-command
@@ -110,9 +110,11 @@ if [[ "$BUILDKITE_PIPELINE_SLUG" == "elastic-package" && "$BUILDKITE_STEP_KEY" =
 fi
 
 if [[ "$BUILDKITE_PIPELINE_SLUG" == "elastic-package-test-with-integrations" && "$BUILDKITE_STEP_KEY" == "pr-integrations" ]]; then
+    # required to set the git commit information
     GITHUB_USERNAME_SECRET="elasticmachine"
     export GITHUB_USERNAME_SECRET=$GITHUB_USERNAME_SECRET
     export GITHUB_EMAIL_SECRET="[email protected]"
+    # required by `gh` commands
     export GITHUB_TOKEN=$VAULT_GITHUB_TOKEN
 fi
 

diff --git a/.buildkite/scripts/test-with-integrations.sh b/.buildkite/scripts/test-with-integrations.sh
@@ -43,12 +43,10 @@ set_git_config() {
     git config user.email "${GITHUB_EMAIL_SECRET}"
 }
 
-git_push_with_auth() {
-    local owner="$1"
-    local repository="$2"
-    local branch="$3"
+git_push() {
+    local branch="$1"
 
-    retry 3 git push https://${GITHUB_USERNAME_SECRET}:${GITHUB_TOKEN}@github.com/${owner}/${repository}.git "${branch}"
+    retry 3 git push origin "${branch}"
 }
 
 clone_repository() {
@@ -141,7 +139,7 @@ create_or_update_pull_request() {
     update_dependency
 
     echo "--- Pushing branch ${INTEGRATIONS_PR_BRANCH} to integrations repository..."
-    git_push_with_auth "${INTEGRATIONS_GITHUB_OWNER}" "${INTEGRATIONS_GITHUB_REPO_NAME}" "${INTEGRATIONS_PR_BRANCH}"
+    git_push "${INTEGRATIONS_PR_BRANCH}"
 
     if [ -z "${integrations_pr_number}" ]; then
         echo "--- Creating pull request :github:"