Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[feature] Custom GITHUB_TOKEN for go upload-assets #3683

Open
OpenWaygate opened this issue Jun 2, 2024 · 1 comment
Open

[feature] Custom GITHUB_TOKEN for go upload-assets #3683

OpenWaygate opened this issue Jun 2, 2024 · 1 comment
Labels
area:generic Issue with the generic generator area:go Issue related to the Go ecosystem type:feature New feature or request

Comments

@OpenWaygate
Copy link

Is your feature request related to a problem? Please describe.
builder_go_slsa3.yml is a reuseable workflow, so I cannot set environment variable when use it

Any environment variables set in an env context defined at the workflow level in the caller workflow are not propagated to the called workflow." ref

The upload-assets job use the default GITHUB_TOKEN, then default releaser is github-actions.

When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN, with the exception of workflow_dispatch and repository_dispatch, will not create a new workflow run. ref

image

Accordingly, if I created a new action with this trigger, it will never be triggered.

on:
  release:
    types: [released]

Describe the solution you'd like
I think this can be resolved with new input, accept a new input GITHUB_TOKEN and use it as environment variable in upload-assets

Describe alternatives you've considered
Convert the reuseable workflow to composite action.

Additional context
~
@OpenWaygate OpenWaygate added status:triage Issue that has not been triaged type:feature New feature or request labels Jun 2, 2024
@ianlewis ianlewis removed the status:triage Issue that has not been triaged label Jun 3, 2024
@ianlewis
Copy link
Member

ianlewis commented Jun 3, 2024
edited
Loading

You mentioned builder_go_slsa3.yml but I think this is an issue for any other builders that create a release.

for example, the docs for the generic generator show the genererator_generic_slsa3.yml getting called before the release artifacts are uploaded. So the SLSA workflow is what creates the release, and the user's workflow is uploading the artifacts after the fact.
https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#getting-started

@ianlewis ianlewis added area:go Issue related to the Go ecosystem area:nodejs Issue related to the Node.js builder area:generic Issue with the generic generator and removed area:nodejs Issue related to the Node.js builder labels Jun 3, 2024
@ianlewis ianlewis changed the title [feature] Custome GITHUB_TOKEN for go upload-assets [feature] Custom GITHUB_TOKEN for go upload-assets Jun 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area:generic Issue with the generic generator area:go Issue related to the Go ecosystem type:feature New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ianlewis @OpenWaygate