Skip to content

Unify token description for resolve-environment, start-proxy, and upload-sarif #2780

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 24, 2025
Merged

Unify token description for resolve-environment, start-proxy, and upload-sarif #2780

merged 1 commit into from
Feb 24, 2025

Conversation

@angelapwen
Copy link
Contributor

Partially fixes https://github.com/github/codeql-action/security/code-scanning/1050. The upload-sarif token description is the most comprehensive so I've used it for resolve-environment and start-proxy.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Confirm the readme has been updated if necessary.
  • Confirm the changelog has been updated if necessary.

Copilot AI review requested due to automatic review settings February 24, 2025 18:51
@angelapwen angelapwen requested a review from a team as a code owner February 24, 2025 18:51
@angelapwen angelapwen changed the title Unify token description for resolve-environment, start-proxy, and upload-sarif` Unify token description for resolve-environment, start-proxy, and upload-sarif Feb 24, 2025
Copilot AI reviewed Feb 24, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Overview

This pull request unifies the description of the GitHub token input for the resolve-environment and start-proxy actions to match the comprehensive description used in upload-sarif.

  • Updated start-proxy/action.yml with an enhanced token description
  • Updated resolve-environment/action.yml with a consistent token description

Reviewed Changes

File Description
start-proxy/action.yml Updated token description to include built-in token details.
resolve-environment/action.yml Revised token description for consistency with upload-sarif.

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

Tip: Copilot code review supports C#, Go, Java, JavaScript, Markdown, Python, Ruby and TypeScript, with more languages coming soon. Learn more

angelapwen
angelapwen commented Feb 24, 2025
View reviewed changes
start-proxy/action.yml Outdated
required: false
token:
description: GitHub token to use for authenticating with this instance of GitHub, used to upload debug artifacts.
description: GitHub token to use for authenticating with this instance of GitHub. The token must be the built-in GitHub Actions token, and the workflow must have the `security-events: write` permission. Most of the time it is advisable to avoid specifying this input so that the workflow falls back to using the default value.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@marcogario could you confirm whether the token for start-proxy actually needs the security: write permission? If it's simply used for debug artifacts, I was thinking that it may only need actions: write.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I saw the comment below from Andrew and I agree.

@angelapwen angelapwen mentioned this pull request Feb 24, 2025
Closed
8 tasks
@angelapwen angelapwen force-pushed the angelapwen/fix-inconsistent-action-input branch from e75e74f to 03c921e Compare February 24, 2025 19:26
aeisenberg
aeisenberg approved these changes Feb 24, 2025
View reviewed changes
Copy link
Contributor

@aeisenberg aeisenberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for fixing.

start-proxy/action.yml
required: false
token:
description: GitHub token to use for authenticating with this instance of GitHub, used to upload debug artifacts.
description: "GitHub token to use for authenticating with this instance of GitHub. The token must be the built-in GitHub Actions token, and the workflow must have the `security-events: write` permission. Most of the time it is advisable to avoid specifying this input so that the workflow falls back to using the default value."
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Technically, security-events: write is not required for this action, but since this action is only ever used with the analyze action which does require the permission, I think it' fine to keep.

@angelapwen angelapwen merged commit d3c7d03 into main Feb 24, 2025
270 checks passed
@angelapwen angelapwen deleted the angelapwen/fix-inconsistent-action-input branch February 24, 2025 20:09
@github-actions github-actions bot mentioned this pull request Mar 7, 2025
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@aeisenberg aeisenberg aeisenberg approved these changes

+1 more reviewer

@marcogario marcogario marcogario left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@angelapwen @aeisenberg @marcogario