[code-simplifier] refactor: simplify id-token permission handling with switch statement #18741

Closed
github-actions[bot] wants to merge 2 commits into main from code-simplifier/2026-02-27-simplifications-87627cf86686fc80

@github-actions

Overview

Simplifies recently merged code from PR #18701 (OIDC/vault action auto-detection) by replacing chained if/else conditions with a clean switch statement in pkg/workflow/safe_outputs_permissions.go.

Files Simplified

  • pkg/workflow/safe_outputs_permissions.go — id-token permission logic in ComputePermissionsForSafeOutputs

Improvement Made

Before (repeated nil-pointer dereferences in chained if/else):

if safeOutputs.IDToken != nil && *safeOutputs.IDToken == "none" {
    safeOutputsPermissionsLog.Print("id-token permission explicitly disabled (none)")
} else if safeOutputs.IDToken != nil && *safeOutputs.IDToken == "write" {
    safeOutputsPermissionsLog.Print("id-token: write explicitly requested")
    permissions.Set(PermissionIdToken, PermissionWrite)
} else if stepsRequireIDToken(safeOutputs.Steps) {
    safeOutputsPermissionsLog.Print("Auto-detected OIDC/vault action in steps; adding id-token: write")
    permissions.Set(PermissionIdToken, PermissionWrite)
}

After (single nil deref, switch on the three distinct cases):

idToken := ""
if safeOutputs.IDToken != nil {
    idToken = *safeOutputs.IDToken
}
switch idToken {
case "none":
    safeOutputsPermissionsLog.Print("id-token permission explicitly disabled (none)")
case "write":
    safeOutputsPermissionsLog.Print("id-token: write explicitly requested")
    permissions.Set(PermissionIdToken, PermissionWrite)
default:
    if stepsRequireIDToken(safeOutputs.Steps) {
        safeOutputsPermissionsLog.Print("Auto-detected OIDC/vault action in steps; adding id-token: write")
        permissions.Set(PermissionIdToken, PermissionWrite)
    }
}

This eliminates the duplicated safeOutputs.IDToken != nil nil-checks and uses a switch statement, per the project's standard of preferring switch statements over chained if/else for multi-case logic (per AGENTS.md).

Changes Based On

Recent code merged from:

Testing

  • ✅ All id-token tests pass (TestStepsRequireIDToken, TestComputePermissionsForSafeOutputs_IDToken)
  • ✅ Build succeeds (make build)
  • ✅ No functional changes — behavior is identical

Review Focus

Please verify that the three cases (explicit "none", explicit "write", auto-detect) produce identical behavior to the original if/else chain.

References:

Generated by Code Simplifier

  • expires on Feb 28, 2026, 7:03 PM UTC

Replace chained if/else with repeated nil-pointer dereferences with a
clean switch statement. Dereference IDToken once into a local variable,
then use a switch to separate the three distinct cases: explicitly
disabled ("none"), explicitly enabled ("write"), or auto-detected.

This follows the project convention of preferring switch statements
over chained if/else for multi-case logic.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@pelikhan pelikhan closed this Feb 28, 2026
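
The equivalence that the Review Focus section asks reviewers to confirm can be checked exhaustively over a small input set. The Go sketch below is an added example, not code from the PR or the project: grantsBefore, grantsAfter, ptr and Mismatches are hypothetical names, the functions return whether id-token: write would be set, autoDetect stands in for the result of stepsRequireIDToken(safeOutputs.Steps), and the input values are constructed.

```go
package main

import "fmt"

// grantsBefore mirrors the chained if/else: true means id-token: write is set.
// autoDetect is an assumed stand-in for stepsRequireIDToken(safeOutputs.Steps).
func grantsBefore(idToken *string, autoDetect bool) bool {
	if idToken != nil && *idToken == "none" {
		return false
	} else if idToken != nil && *idToken == "write" {
		return true
	} else if autoDetect {
		return true
	}
	return false
}

// grantsAfter mirrors the switch form: one dereference, three cases.
func grantsAfter(idToken *string, autoDetect bool) bool {
	v := ""
	if idToken != nil {
		v = *idToken
	}
	switch v {
	case "none":
		return false
	case "write":
		return true
	default:
		return autoDetect
	}
}

func ptr(s string) *string { return &s }

// Mismatches counts the constructed inputs on which the two forms disagree.
func Mismatches() int {
	n := 0
	for _, p := range []*string{nil, ptr(""), ptr("none"), ptr("write"), ptr("None"), ptr("read")} {
		for _, auto := range []bool{false, true} {
			if grantsBefore(p, auto) != grantsAfter(p, auto) {
				n++
			}
		}
	}
	return n
}

func main() { fmt.Println("mismatches:", Mismatches()) }
```

Values such as "None" or "read" match neither case and fall through to auto-detection in both forms, so only the exact string "none" suppresses the permission.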