ci: fall back to github.token for SPA docker build source checkout#131
Open
bnsoni wants to merge 1 commit into
Open
ci: fall back to github.token for SPA docker build source checkout#131bnsoni wants to merge 1 commit into
bnsoni wants to merge 1 commit into
Conversation
The vendored reusable-spa-docker-build cloned the source repo with a bare
`token: ${{ secrets.GIT_TOKEN }}`. GIT_TOKEN is not available to this
public repo (not a repo secret, not in the org secrets scoped to it), so
checkout failed with 'Input required and not supplied: token' and the
tag-triggered Docker Build could not run.
source_repo is always this (public) repo, so the automatic GITHUB_TOKEN
can clone it — no PAT needed. Fall back to github.token when GIT_TOKEN is
absent, matching the pattern already used in reusable-pr-docker-build.yml.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Member
|
Claude finished @bnsoni's task —— View job E2E Coverage Review for PR #131 ✅Analysis Complete ✅This PR modifies only Files Changed:
E2E Coverage Assessment:
Decision: CASE E - No new page.tsx files and no coverage impact. Review Posted: ✅ APPROVE - No e2e coverage issues. CI workflow changes require no additional test coverage. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The vendored
reusable-spa-docker-build.ymlclones the source repo with a bare:GIT_TOKENis not available to this public repo — it is not a repo secret, and it is not among the org secrets scoped to this repo (onlyAWS_*/OCIR_*are). Sosecrets.GIT_TOKENresolves to empty andactions/checkoutfails immediately:This blocked the tag-triggered Docker Build (e.g. mentor v0.74.1 / the next skills release) right after the runner-group access was restored.
Fix
source_repois always${{ github.repository }}— i.e. this public repo — which the automaticGITHUB_TOKENcan clone without a PAT. Fall back to it whenGIT_TOKENis absent:This is the same pattern already used in
reusable-pr-docker-build.ymlfor the ops checkout. Removes the dependency on aGIT_TOKENsecret for building this repo's own (public) source.Effect / how to land
Takes effect on the next tag/release (the Docker Build resolves the reusable at the tag commit). After merge, cut a fresh tag and the build will clone via
github.tokenand push to ECR (AWS creds are already available to this repo;SENTRY_AUTH_TOKENis optional and already absent).🤖 Generated with Claude Code