Skip to content

ci: use github app token auth#2537

Merged
skl merged 1 commit intomainfrom
skl/bot-app-tokens
Feb 19, 2026
Merged

ci: use github app token auth#2537
skl merged 1 commit intomainfrom
skl/bot-app-tokens

Conversation

@skl
Copy link
Member

@skl skl commented Feb 19, 2026

Secrets are now in Vault.

@skl skl requested a review from a team as a code owner February 19, 2026 14:54
@codecov-commenter
Copy link

codecov-commenter commented Feb 19, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 48.62%. Comparing base (89df2bf) to head (6af7259).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #2537   +/-   ##
=======================================
  Coverage   48.62%   48.62%           
=======================================
  Files          53       53           
  Lines        4027     4027           
=======================================
  Hits         1958     1958           
  Misses       1934     1934           
  Partials      135      135
Flag Coverage Δ
unittests 48.62% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

rafaelroquetto
rafaelroquetto approved these changes Feb 19, 2026
View reviewed changes
.github/workflows/bot_sync-obi-fork.yml
steps:
- name: Get GitHub App token
id: get-github-app-token
uses: grafana/shared-workflows/actions/create-github-app-token@580590a644e82e79bb2598bdaba0be245a14dda0 # create-github-app-token/v0.2.2
Copy link
Contributor

@rafaelroquetto rafaelroquetto Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just to be sure, this number is not secret, right?

Copy link
Member Author

@skl skl Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct, it's the public git sha of the github action at the specific version in use. It's used to verify the action hasn't been tampered with.

Copy link
Member Author

@skl skl Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The secret itself is generated on the fly for the lifetime of an individual workflow run only

@skl skl merged commit 9b3d936 into main Feb 19, 2026
17 checks passed
@skl skl deleted the skl/bot-app-tokens branch February 19, 2026 15:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rafaelroquetto rafaelroquetto rafaelroquetto approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@skl @codecov-commenter @rafaelroquetto