Use GITHUB_TOKEN authentication on workflows #464
Conversation
Sherlouk
changed the title
5216: Add support for GITHUB_TOKEN authentication in installation script r=curquiza a=Sherlouk # Pull Request ## What does this PR do? This tweaks the install script to support detection of a "GITHUB_TOKEN" variable. This is well documented [here](https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication) but is useful for GitHub Actions workflows, reducing the need for users to maintain a separate PAT token. This should be more reliable. Note: these changes have been tested on the Swift project: meilisearch/meilisearch-swift#464. ## PR checklist Please check if your PR fulfills the following requirements: - [x] Does this PR fix an existing issue, or have you listed the changes applied in the PR description (and why they are needed)? - [x] Have you read the contributing guidelines? - [x] Have you made sure that the title is accurate and descriptive of the changes? Thank you so much for contributing to Meilisearch! Co-authored-by: James Sherlock <[email protected]>
5216: Add support for GITHUB_TOKEN authentication in installation script r=curquiza a=Sherlouk # Pull Request ## What does this PR do? This tweaks the install script to support detection of a "GITHUB_TOKEN" variable. This is well documented [here](https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication) but is useful for GitHub Actions workflows, reducing the need for users to maintain a separate PAT token. This should be more reliable. Note: these changes have been tested on the Swift project: meilisearch/meilisearch-swift#464. ## PR checklist Please check if your PR fulfills the following requirements: - [x] Does this PR fix an existing issue, or have you listed the changes applied in the PR description (and why they are needed)? - [x] Have you read the contributing guidelines? - [x] Have you made sure that the title is accurate and descriptive of the changes? Thank you so much for contributing to Meilisearch! Co-authored-by: James Sherlock <[email protected]>
|
@Sherlouk meilisearch/meilisearch#5216 has been merged, what can we do with this PR now? |
curquiza
added
the
maintenance
|
So https://install.meilisearch.com/ links to https://raw.githubusercontent.com/meilisearch/meilisearch/latest/download-latest.sh which I believe is driven by the latest tag on the repository. So until we re-tag the main repository, the install script won't be updated. I could temporarily point to https://raw.githubusercontent.com/meilisearch/meilisearch/main/download-latest.sh (notice main vs latest in the URL), but yeah need to wait for a tag. |
|
Pushed with the updated script (https://raw.githubusercontent.com/meilisearch/meilisearch/main/download-latest.sh) just to demonstrate. Obviously once we re-tag we can revert the curl line back to The only necessary change (once tagged), and what will want to be reproduced on every repository (well those which don't use Docker), is: - GITHUB_PAT: ${{ secrets.MEILI_BOT_GH_PAT }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}edit:// looks like a tag was published a few hours ago, but didn't include these changes (see here). Need the updated script to be tagged. |
Pull Request
Related issue
CI is current very intermittent with predominantly rate limiting errors being thrown.
What does this PR do?
ℹ️ Once the install script is updated, we should look to make this same change on all workflows across the Meilisearch estate, eliminating use of the PAT for testing.
PR checklist
Please check if your PR fulfills the following requirements:
Thank you so much for contributing to Meilisearch!