Skip to content

Update shared personal token to use a generated primer app token #3777

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jonrohan merged 4 commits into from
Dec 2, 2025
Merged

Update shared personal token to use a generated primer app token #3777

jonrohan merged 4 commits into from
Dec 2, 2025

Conversation

@jonrohan
Copy link
Member

@jonrohan jonrohan commented Nov 24, 2025
edited
Loading

https://github.com/github/primer/issues/6097

What are you trying to accomplish?

This pull request updates the static files workflow to improve authentication and token management for GitHub Actions. The main change is switching to a GitHub App token for secure operations, replacing the previous use of a shared personal access token.

Risk Assessment

  • Low risk the change is small, highly observable, and easily rolled back.
  • Medium risk changes that are isolated, reduced in scope or could impact few users. The change will not impact library availability.
  • High risk changes are those that could impact customers and SLOs, low or no test coverage, low observability, or slow to rollback.

Anything you want to highlight for special attention from reviewers?

I think I also want to change this to always run. We had restricted it to main because the commit on a branch would block ci, but with the app that doesn't happen.

@changeset-bot
Copy link

changeset-bot bot commented Nov 24, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: af4eb56

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@jonrohan jonrohan added the skip changeset Pull requests that don't change the library output label Nov 24, 2025
@jonrohan jonrohan changed the title App token Update shared personal token to use a generated primer app token Nov 24, 2025
@jonrohan jonrohan marked this pull request as ready for review November 24, 2025 21:31
@jonrohan jonrohan requested a review from a team as a code owner November 24, 2025 21:31
Copilot finished reviewing on behalf of jonrohan November 24, 2025 21:32
Copilot AI reviewed Nov 24, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request modernizes the static files workflow by transitioning from a shared personal access token to a GitHub App token for authentication. This change improves security and allows the workflow to run on all pushes (not just the main branch) since GitHub App tokens don't trigger additional CI workflows like personal access tokens do.

Key changes:

  • Replaced static personal access token (GPR_AUTH_TOKEN_SHARED) with dynamically generated GitHub App token
  • Removed branch restriction to enable workflow execution on all pushes
  • Removed outdated comment about branch protection limitations with GitHub Apps

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

llastflowers
llastflowers approved these changes Nov 26, 2025
View reviewed changes
Copy link

@llastflowers llastflowers left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jonrohan jonrohan enabled auto-merge December 2, 2025 21:37
@jonrohan jonrohan added this pull request to the merge queue Dec 2, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Dec 2, 2025
@jonrohan jonrohan added this pull request to the merge queue Dec 2, 2025
Merged via the queue into main with commit 10d0108 Dec 2, 2025
40 of 51 checks passed
@jonrohan jonrohan deleted the app_token branch December 2, 2025 22:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@llastflowers llastflowers llastflowers approved these changes

Assignees

No one assigned

Labels

skip changeset Pull requests that don't change the library output

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jonrohan @llastflowers