docs: instructions on verifying token access to a repository #387

Merged
merged 5 commits into from
Sep 28, 2024

andimiya
Contributor

Pull Request

Offering a little script to help verify token access to a repository.
When I was going through the repo setup and figuring out how to use this action on my own, I ran into some confusion around the GitHub PAT token access, especially since our GitHub access is behind SAML SSO.

Proposed Changes

Add a how-to page on checking the token access and a link to it via the README.

Readiness Checklist

Author/Contributor

  • If documentation is needed for this change, has that been included in this pull request
  • run make lint and fix any issues that you have introduced
  • run make test and ensure you have test coverage for the lines you are introducing
  • If publishing new data to the public (scorecards, security scan results, code quality results, live dashboards, etc.), please request review from @jeffrey-luszcz

Reviewer

  • Label as either fix, documentation, enhancement, infrastructure, maintenance, or breaking

@andimiya added the documentation label on Sep 27, 2024
@andimiya self-assigned this on Sep 27, 2024

- Go to your repository Actions in Github and run your job.
- In the job run details, click into the results of `Check Github token permissions`
- You should see your token details with no errors.
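
Review bot: the last step, "You should see your token details with no errors.", gives no indication of what a failed check looks like or what to do about it. Since the PR description mentions confusion around PAT access behind SAML SSO, consider adding a line that describes the error output for a token without access to the repository and the corrective step. Style point: the first two steps spell the product name "Github"; the usual spelling is "GitHub".
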
Contributor Author

@andimiya andimiya Sep 27, 2024

This is the output in GitHub Actions.
I don't think this opens people up to security issues even if they publish this along with their action, but want a second opinion here @jmeridth @zkoppert

[two images attached]

Member

No security concerns. GitHub Actions masks the token in the output. This is a great addition.

@jmeridth jmeridth merged commit 4102786 into main Sep 28, 2024
31 checks passed
@jmeridth jmeridth deleted the andimiya/verify_token_access branch September 28, 2024 05:03