apm-pipeline-library
actions: use ephemeral GitHub tokens
What does this PR do?
Use ephemeral GitHub tokens with https://github.com/elastic/actions-app-token in https://github.com/elastic/apm-pipeline-library/pull/2491/commits/12316d2005862790d19bfb3419e476c7fdf8432d or https://github.com/actions/create-github-app-token/tree/f04aa94d10cf56334d1c580e077ce2e3569e805d/ with the latest commits
Why is it important?
- We can move away from service machine accounts.
- Ephemeral tokens are revoked.
- Fine-grained access to the given repository or list of repositories.
Test
- oblt-cli-credentials was able to use the oblt-cli and gather the credentials. ✅
- publish-docker-images was able to clone using the ephemeral token. ✅
- oblt-cli failed when writing to the GitHub repository. ⚠️
- is-member could not use the API to check whether it is a member or not. ⚠️
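
The pattern described above, as an added example workflow that is not part of this PR or of the project's code: a job mints a GitHub App installation token limited to one repository and uses it to clone. The variable, secret and repository names are assumptions; the inputs are those documented by actions/create-github-app-token, which revokes the token in its post step.

```yaml
# Added example workflow; not taken from this PR.
# Names marked "assumed" are placeholders to replace with your own.
name: clone-with-ephemeral-token
on: workflow_dispatch

permissions:
  contents: read   # keep the job's built-in GITHUB_TOKEN minimal

jobs:
  clone:
    runs-on: ubuntu-latest
    steps:
      - name: Mint installation token
        id: app-token
        # Pinned to the commit referenced in the PR description.
        uses: actions/create-github-app-token@f04aa94d10cf56334d1c580e077ce2e3569e805d
        with:
          app-id: ${{ vars.EXAMPLE_APP_ID }}                  # assumed variable name
          private-key: ${{ secrets.EXAMPLE_APP_PRIVATE_KEY }} # assumed secret name
          owner: ${{ github.repository_owner }}
          # Limit the token to the listed repositories instead of every
          # repository the App is installed on.
          repositories: example-private-repo                  # assumed repository name

      - name: Clone with the ephemeral token
        uses: actions/checkout@v4
        with:
          repository: ${{ github.repository_owner }}/example-private-repo
          token: ${{ steps.app-token.outputs.token }}
          # Do not leave the token in .git/config for later steps.
          persist-credentials: false
```

The token can only do what the App installation's permissions allow, so a step that writes to a repository or queries organization data needs the matching permission granted to the App.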