You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
As mentioned in #2, using the GITHUB_TOKEN will block other GitHub Actions from running on pull request triggers.
This creates an issue, particularly for workflows like CodeQL, which rely on pull request triggers to function properly. While you previously recommended using fine-grained PAT tokens, they come with their own set of challenges.
I’m proposing an updated approach: using a GitHub App token instead.
Why Use a GitHub App Token?
Short-Lived Tokens: Tokens are automatically issued and expire after a short duration, reducing security risks.
Fine-Grained Permissions: Permissions are scoped and can be assigned only to the necessary operations.
Better Integration: GitHub Apps are more aligned with modern GitHub workflows and provide exemptions for branch protection rules.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
As mentioned in #2, using the
GITHUB_TOKENwill block other GitHub Actions from running on pull request triggers.This creates an issue, particularly for workflows like CodeQL, which rely on pull request triggers to function properly. While you previously recommended using fine-grained PAT tokens, they come with their own set of challenges.
I’m proposing an updated approach: using a GitHub App token instead.
Why Use a GitHub App Token?
Here’s a video that explains the benefits of GitHub App for action tokens more effectively
Steps to Set Up the GitHub App
Additional Notes
Here’s an example of what a successful workflow run looks like with this updated configuration:
Let me know if you have any questions or if further adjustments are needed!