DYN-9484 Autoreplace HTML Fix#16511
Conversation
After testing the github action there was an error when committing the changes due to missing permissions in the secret token, then in this fix I'm replacing the secret token to use one which has the right permissions.
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
See the ticket for this pull request: https://jira.autodesk.com/browse/DYN-9484
There was a problem hiding this comment.
Pull Request Overview
This PR fixes a GitHub Actions workflow by updating authentication and user configuration for the auto-replace HTML action. The changes address permission issues that were preventing the workflow from committing changes.
Key Changes:
- Replace default GitHub token with a custom token that has appropriate permissions
- Update Git user configuration from github-actions bot to dynamo-ci-user
| id: commit | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| GH_TOKEN: ${{ secrets.DYNAMO_ACTIONS_TOKEN }} |
There was a problem hiding this comment.
The workflow is switching from the default GITHUB_TOKEN to a custom secret token. Ensure that the DYNAMO_ACTIONS_TOKEN secret is properly configured with minimal necessary permissions and follows the principle of least privilege. Consider documenting what specific permissions this token requires.
| git config user.name "github-actions[bot]" | ||
| git config user.email "github-actions[bot]@users.noreply.github.com" | ||
| git config user.name "dynamo-ci-user" | ||
| git config user.email "dynamo@autodesk.com" |
There was a problem hiding this comment.
[nitpick] The hardcoded email address '[email protected]' should be verified as a valid and monitored email address. Consider using a no-reply email format or ensuring this email can handle any Git-related notifications.
| git config user.email "dynamo@autodesk.com" | |
| git config user.email "41898282+github-actions[bot]@users.noreply.github.com" |
Purpose
After testing the Autoreplac e HTML github action there was an error when committing the changes due to missing permissions in the secret token, then in this fix I'm replacing the secret token to use one which has the right permissions.
Declarations
Check these if you believe they are true
Release Notes
After testing the Autoreplac e HTML github action there was an error when committing the changes due to missing permissions in the secret token, then in this fix I'm replacing the secret token to use one which has the right permissions.
Reviewers
@QilongTang @avidit
FYIs