apm-pipeline-library

actions: use ephemeral GitHub tokens

Open v1v opened this issue 5 months ago • 0 comments

What does this PR do?

Use ephemeral GitHub tokens with https://github.com/elastic/actions-app-token in https://github.com/elastic/apm-pipeline-library/pull/2491/commits/12316d2005862790d19bfb3419e476c7fdf8432d or https://github.com/actions/create-github-app-token/tree/f04aa94d10cf56334d1c580e077ce2e3569e805d/ with the latest commits

Why is it important?

  • We can move away from service machine accounts.
  • Ephemeral tokens are revoked.
  • Fine-grained access to the given repository or list of repositories.

Test

  • oblt-cli-credentials was able to use the oblt-cli and gather the credentials. ✅

  • publish-docker-images was able to clone using the ephemeral token. ✅

  • oblt-cli failed when writing to the GitHub repository. ⚠️

  • is-member could not use the API to check whether it is a member or not. ⚠️

v1v, Jan 17 '24 12:01