@gberenice
Member

@gberenice gberenice commented Sep 1, 2025

what

  • Don't require GH PAT for the inputs.

why

  • Not needed if the App credentials are provided

references

Summary by CodeRabbit

  • New Features

    • Added support for authentication via GitHub App credentials (app ID and private key) as an alternative to a personal access token.
    • Automatic token selection at runtime chooses between provided token and generated App token.
    • Auto-merge and upgrade steps now use the selected token for consistent authentication.
  • Refactor

    • Updated workflow to accommodate dual authentication modes and streamlined control flow.
  • Documentation

    • Clarified input descriptions to reflect optional token and newly supported GitHub App credentials.

@gberenice gberenice requested a review from a team as a code owner September 1, 2025 16:53
@gberenice gberenice merged commit 0b927a3 into main Sep 1, 2025
3 checks passed
@gberenice gberenice deleted the fix/dont-require-gh-token branch September 1, 2025 16:55
@masterpointbot masterpointbot bot mentioned this pull request Sep 1, 2025
@coderabbitai
Contributor

coderabbitai bot commented Sep 1, 2025

Walkthrough

This PR updates action.yml to support two authentication modes. Inputs are adjusted to remove explicit required flags, and the github-token description clarifies fallback behavior when GitHub App credentials are not provided. New steps generate a GitHub App installation token when app-id and app-private-key are supplied, then choose between the generated token and the provided github-token. Validation ensures either github-token or both app-id and app-private-key are present. Downstream steps (e.g., auto-merge and trunk upgrade) are rewired to consume the derived token from steps.github-token.outputs.token.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

Suggested reviewers

  • westonplatter

Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

🧹 Nitpick comments (2)
action.yml (2)

54-56: Validation logic is correct; consider early sanity checks for app credentials

The either/or guard is solid. As a small hardening step, validate common mistakes:

  • Ensure app-id is numeric.
  • Ensure app-private-key looks like a PEM (starts with "-----BEGIN").

This helps fail fast before hitting token generation.

Example to append after this block:

# Optional: sanity checks when app creds are supplied
if [[ -n "${{ inputs.app-id }}" || -n "${{ inputs.app-private-key }}" ]]; then
  if ! [[ "${{ inputs.app-id }}" =~ ^[0-9]+$ ]]; then
    echo "::error::app-id must be a numeric GitHub App ID"
    exit 1
  fi
  if [[ "${{ inputs.app-private-key }}" != *"BEGIN"*"PRIVATE KEY"* ]]; then
    echo "::error::app-private-key does not look like a PEM key"
    exit 1
  fi
fi

96-96: Good choice using GH_TOKEN for gh CLI

Binding GH_TOKEN to the resolved token ensures gh works in both modes. Optionally also export GITHUB_TOKEN for tools that look for that variable.

-        GH_TOKEN: ${{ steps.github-token.outputs.token }}
+        GH_TOKEN: ${{ steps.github-token.outputs.token }}
+        GITHUB_TOKEN: ${{ steps.github-token.outputs.token }}
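Review bot: the added GITHUB_TOKEN line hands the same resolved token to every tool in this step that reads that variable, and nothing in the hunk says which tool needs it. gh already authenticates from GH_TOKEN, so I would leave GITHUB_TOKEN out until a specific tool requires it, and then add it with a comment naming that tool.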
📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro


📥 Commits

Reviewing files that changed from the base of the PR and between 6744328 and 4cf1d38.

📒 Files selected for processing (1)
  • action.yml (3 hunks)
🔇 Additional comments (1)
action.yml (1)

7-7: Input doc tweak looks good — optional PAT clearly signaled

Removing the hard requirement and clarifying fallback behavior aligns with the PR goal. No issues spotted.
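
The either/or validation and the suggested sanity checks from the review above, as an added example that is not the action's own code. It assumes the inputs are passed as function arguments (in a workflow, from variables set in the step's `env:` block) so their contents are never pasted into the script text by `${{ }}` expansion; the function name `resolve_auth_mode` and the variable `AUTH_MODE` are hypothetical. Partial App credentials are rejected even when a token is present, as in the suggested checks.

```shell
#!/bin/sh
# Added example, not the action's code. resolve_auth_mode and AUTH_MODE are
# hypothetical names. Arguments: <github-token> <app-id> <app-private-key>.
# On success sets AUTH_MODE to "app" or "token" and returns 0.
resolve_auth_mode() {
  token=$1 app_id=$2 app_key=$3
  AUTH_MODE=

  # No App credentials at all: fall back to the provided token.
  if [ -z "$app_id" ] && [ -z "$app_key" ]; then
    if [ -z "$token" ]; then
      echo "::error::provide github-token or both app-id and app-private-key"
      return 1
    fi
    AUTH_MODE=token
    return 0
  fi

  # One App credential without the other is a misconfiguration.
  if [ -z "$app_id" ] || [ -z "$app_key" ]; then
    echo "::error::app-id and app-private-key must be supplied together"
    return 1
  fi

  # app-id must consist of digits only.
  case $app_id in
    *[!0-9]*) echo "::error::app-id must be a numeric GitHub App ID"; return 1 ;;
  esac

  # The key must at least carry a PEM private-key header.
  case $app_key in
    *"-----BEGIN "*"PRIVATE KEY-----"*) ;;
    *) echo "::error::app-private-key does not look like a PEM key"; return 1 ;;
  esac

  AUTH_MODE=app
}

# Constructed sample input: a placeholder with PEM framing, not a real key.
SAMPLE_KEY='-----BEGIN RSA PRIVATE KEY-----
constructed-placeholder
-----END RSA PRIVATE KEY-----'
resolve_auth_mode "" "123456" "$SAMPLE_KEY" && echo "mode=$AUTH_MODE"
```
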

gberenice pushed a commit that referenced this pull request Sep 1, 2025
🤖 I have created a release *beep* *boop*
---


## [0.1.1](v0.1.0...v0.1.1) (2025-09-01)


### Bug Fixes

* don't require GH PAT ([#5](#5)) ([0b927a3](0b927a3))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: masterpointbot[bot] <177651640+masterpointbot[bot]@users.noreply.github.com>