feat: Add `token-type` as action input #70
This commit adds the ability to use the built-in GITHUB_TOKEN secret as passed into the GitHub Actions runner instead of providing a personal access token (PAT) as a secret into the action for image deletion for a package that lives in the same repository as the GitHub repository. In order to do so, `image-name` needs to match the package name for the repository from where this action is being invoked.
Sorry if this is a bit premature. I see the PR is still a draft. That said, do you think it might be clearer to users if we call it `TOKEN_IS_GITHUB_TOKEN` or something to that effect, rather than `USE_GITHUB_TOKEN`? Perhaps `GITHUB_TOKEN_TYPE` and have the default be `PAT`?
Thanks for the feedback! I like the
This commit changes the `use-github-token` input to `token-type`, which accepts a value of either `pat` or `github-token`.
This commit moves the `token-type` info within README.md closer to `token`. It also adds a small snippet to token regarding the use of GITHUB_TOKEN.
Sounds great. Just ping me when you want me to take a look 👍
This commit adds a test case to validate the `token_type` passed into Inputs against valid GithubTokenType enum values. Note to self: In order for pydantic validation to work, the `input_names` validator needs to check for the existence of `token_type` in ValidationInput. This will not exist if `token_type` is invalid, and it will be caught by the default validator. This is similar to what was done in the `validate_org_name` field validator.
Codecov Report
Attention:
Additional details and impacted files
@@ Coverage Diff @@
## main #70 +/- ##
==========================================
- Coverage 93.27% 90.51% -2.76%
==========================================
Files 1 1
Lines 223 253 +30
Branches 54 63 +9
==========================================
+ Hits 208 229 +21
- Misses 7 15 +8
- Partials 8 9 +1
☔ View full report in Codecov by Sentry.
`use-github-token` as action input
`token-type` as action input
f516790 to d855ecd
I think this is ready for additional feedback. FWIW, I hooked my workflow to fb14774, and it was able to delete images from my repository as expected.
@Injabie3 Hey really appreciate this work! We just switched our workflows to use
That would be great, thanks. Do let me know if you have any additional feedback. :)
@sondrelg just in case this missed your inbox.
It did, sorry about that! Will take a look at this today 👍
Woot! For what it's worth I've been using @Injabie3's branch for the past week and it has been working great!
I'd have loved to see this be a 3.0.0 release instead of a 2.2.0.
In what way @ChandlerFerry? The default keeps the old behavior, no?
Currently, a personal access token (PAT) is required to use this action. This requires granting the user- or organization-wide `delete:packages` scope, which may be undesirable if it's pertaining to images generated from the same repository where this action is being used.

In order to use the `GITHUB_TOKEN` token during an action run, this PR adds a `token-type` input to the action. This is an enum that can take either `pat` or `github-token`. If it is set to `github-token`, then `${{ secrets.GITHUB_TOKEN }}` can be passed into the `token` input.

The caveat is that the `image_names` input must be a single image that matches the package name of the repository from where this action is being invoked: `GITHUB_TOKEN` currently doesn't have sufficient permissions to look into other packages of the user/organization. This is also the reason why all lookups to list packages are skipped when `token-type` is set to `github-token`.

If the `images-names` input doesn't match the package name for the repository, then the action will fail.

This touches upon #27 for single images only.