Add the ability to provide a separate auth token vs. patcher update token #49
Conversation
ceschae
force-pushed
the
caitlin/update-token
branch
from
52d06af to
a171338
Compare
ZachGoldberg
changed the title
dist/index.js
Outdated
| @@ -13768,7 +13768,8 @@ async function validateAccessToPatcherCli(octokit) { | |||
| } | |||
| } | |||
| async function run() { | |||
| const token = core.getInput("github_token"); | |||
| const githubToken = core.getInput("github_token"); | |||
| var updateToken = core.getInput("update_token"); | |||
There was a problem hiding this comment.
| var updateToken = core.getInput("update_token"); | |
| const updateToken = core.getInput("update_token"); |
There was a problem hiding this comment.
it won't let me overwrite it later, if i keep it as a const. this was the simplest way imo to keep back compatibility, but i'm open to other ideas?
There was a problem hiding this comment.
The general pattern would be something like
const token1 = getToken1();
const token2 = getToken2();
const theTokenToUse = token1 ? token1 : token2;
someplace_later_that_needs_token(theTokenToUse)
There was a problem hiding this comment.
Also, if you truly do need the value to change, use let instead of var. In only very very rare circumstances is var more correct than let in modern JS.
There was a problem hiding this comment.
thank you for the knowledge! i am a "can get by OK" type/coffee/javascript programmer. always grateful for the inside scoop!
There was a problem hiding this comment.
TIL. in javascript, token1 ? token1 : token2 and token1 ?? token2 return different values if token1 is empty string as opposed to nullish. my favorite programming language! /s
There was a problem hiding this comment.
dist/index.js
Outdated
| @@ -13768,7 +13768,8 @@ async function validateAccessToPatcherCli(octokit) { | |||
| } | |||
| } | |||
| async function run() { | |||
| const token = core.getInput("github_token"); | |||
| const githubToken = core.getInput("github_token"); | |||
There was a problem hiding this comment.
nit: I might call this instead the "gruntwork token" or "gruntwork code access token"
Co-authored-by: Zach Goldberg <zach@gruntwork.io>
ceschae
force-pushed
the
caitlin/update-token
branch
from
d56cefb to
fc47115
Compare
Description
Adds the ability to distinguish between the PAT used to download and run Gruntwork tools vs. the PAT used for
patcher update, which includes write access to the customer repo.Distinguishing the two PATs is a nice security feature, and allows for finer controls over access / better enforcement of the principle of least privilege
validation