Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to configure with a Github token #129

Open
mcollina opened this issue Jan 26, 2023 · 9 comments · May be fixed by #130
Open

How to configure with a Github token #129

mcollina opened this issue Jan 26, 2023 · 9 comments · May be fixed by #130
Assignees
@syedfarhanNF

Comments

@mcollina
Copy link
Member

From mercurius-js/mercurius#941 (comment):

If it is configured with a GH token, which the app source supports, then we shouldn't be rate limited (on any org, not just fastify), but since we are, it feels like the app is running without a GH token.

@simoneb how do I configure this with a token?
@mcollina mcollina mentioned this issue Jan 26, 2023
Closed
@simoneb
Copy link
Collaborator

simoneb commented Jan 26, 2023

@syedfarhanNF can you please look into this? It requires changing the workflow to pass the env var for the token, populated from the gh secret called GH_AUTH_TOKEN

@syedfarhanNF
Copy link

You will need to create a new secret if doesn't already exist called GH_AUTH_TOKEN. Then modify the github workflow for deployment so it passes this secret into the containers environment variables.

id: 'deploy'
  uses: google-github-actions/deploy-cloudrun@v1
  with:
    service: ${{ secrets.GCP_CLOUDRUN_SERVICE_NAME }}
    region: ${{ secrets.GCP_CLOUDRUN_SERVICE_REGION }}
    project_id: ${{ secrets.GCP_PROJECT_ID }}
    flags: --allow-unauthenticated --timeout 1800
    env_vars: |
    GH_AUTH_TOKEN=${{ secrets.GH_AUTH_TOKEN }}
    source: .

@simoneb
Copy link
Collaborator

simoneb commented Jan 30, 2023

@syedfarhanNF can you please send a PR to modify the workflow?

@simoneb
Copy link
Collaborator

simoneb commented Jan 30, 2023

note that the secret is already in the repo although I don't know what value it has. @mcollina it would be good to populate it with a value with very limited permissions

@mcollina
Copy link
Member Author

I think it's set up correctly. let's see if it works.

@syedfarhanNF
Copy link

@simoneb @mcollina Heres a PR with updated workflow and updated readme with access token details #130

@syedfarhanNF
Copy link

syedfarhanNF commented Feb 3, 2023
edited
Loading

Hi @mcollina,

  1. We need to create a classic personal access token with no scope set. Creating a Classic Personal Access Token So in step 8 from this guide, nothing should be selected. Follow the rest of the guide as said. Copy the token.

Screen Shot 2023-02-03 at 10 37 11 AM

  1. Then navigate to this repos settings. Click secrets on the left menu. There should already be a token that exists called GH_AUTH_TOKEN. Paste the new token into this.

That should be all thats required from you. We can then merge this PR.

@mcollina
Copy link
Member Author

mcollina commented Feb 3, 2023

Creating a personal access token is a security nightmare. We should use the new fine-grained ones.

@simoneb
Copy link
Collaborator

simoneb commented Feb 3, 2023

The issue with fine grained tokens is that they expire. Apart from that, they will work the same as the others

@Eomm Eomm linked a pull request May 12, 2023 that will close this issue
feat: Add env_vars GH_AUTH_TOKEN to deploy step. #130
Open
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@syedfarhanNF syedfarhanNF

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: Add env_vars GH_AUTH_TOKEN to deploy step. syedfarhanNF/gh-issues-finder
3 participants
@simoneb @mcollina @syedfarhanNF