Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci: use ephemeral tokens with the required permissions #271

Merged
merged 1 commit into from
Sep 16, 2024

Conversation

v1v
Copy link
Member

@v1v v1v commented Sep 9, 2024

What

Use https://github.com/tibdex/github-app-token to generate ephemeral tokens so we can automate:

  • Update CLI
  • release automation

Why

This is the alternative to moving away from finer-grained GitHub tokens and reducing the cumbersome of rotating them as we do nowadays.

Implementaiton details

We have used the same GitHub action in other places. I'm just trying the permissions flag to avoid using other permissions that require least-permissive access.

Release automation uses the ephemeral GitHub token generated by the GitHub action itself.

@v1v v1v requested a review from a team September 9, 2024 10:59
@v1v v1v self-assigned this Sep 9, 2024
@v1v
Copy link
Member Author

v1v commented Sep 9, 2024

The CLA checker will cause some disruptions - I'm working on it with the relevant CLA owners. For now, I'll keep this draft to avoid surprises.

@v1v v1v marked this pull request as draft September 9, 2024 14:09
@v1v v1v marked this pull request as ready for review September 16, 2024 10:01
@v1v v1v merged commit 9023de4 into elastic:main Sep 16, 2024
4 checks passed
@v1v v1v deleted the feature/use-ephemeral-tokens branch September 16, 2024 10:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants