Skip to content

Use ALLOWLIST_WORKFLOW_TOKEN and restore branch protection#700

Merged
dave2wave merged 2 commits intomainfrom
use-allowlist-workflow-token
Apr 12, 2026
Merged

Use ALLOWLIST_WORKFLOW_TOKEN and restore branch protection#700
dave2wave merged 2 commits intomainfrom
use-allowlist-workflow-token

Conversation

@potiuk
Copy link
Copy Markdown
Member

@potiuk potiuk commented Apr 12, 2026
edited
Loading

Summary

  • Use secrets.ALLOWLIST_WORKFLOW_TOKEN with || github.token fallback for checkout and commit steps in all three workflows (update_actions, update_dummy, remove_expired)
  • Add a "Print token details" step that displays the token's user/email, expiration, and scopes (only runs when the secret is available)
  • Derive commit author name/email from the token identity, falling back to asfgit defaults
  • Restore branch protection for main (required PR reviews with 1 approval, status checks) — reverts the revert from Leaving empty protected branches to actually disable it #697

Test plan

  • Verify update_actions workflow runs successfully on push to main
  • Verify update_dummy workflow runs successfully on push to main
  • Verify remove_expired workflow runs successfully via schedule/dispatch
  • Verify token details are printed when secret is available
  • Verify workflows still work in forks where the secret is not set
  • Verify branch protection is active after merge

🤖 Generated with Claude Code

potiuk added 2 commits April 12, 2026 20:24
@potiuk
Use ALLOWLIST_WORKFLOW_TOKEN with fallback to github.token in workflows
7e3ea85 
Add token details display (user/email/expiration/scopes) and use the
token's identity for commit author. Falls back to github.token and
asfgit defaults when the secret is not available.

Generated-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@potiuk
Restore branch protection for main
162bee2 
Re-enable required PR reviews (1 approval) and status checks
that were reverted in #697.

Generated-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@potiuk potiuk changed the title Use ALLOWLIST_WORKFLOW_TOKEN with fallback in all workflows Use ALLOWLIST_WORKFLOW_TOKEN and restore branch protection Apr 12, 2026
@potiuk potiuk mentioned this pull request Apr 12, 2026
Closed
@potiuk potiuk requested review from dave2wave and raboof April 12, 2026 18:30
@potiuk
Copy link
Copy Markdown
Member Author

potiuk commented Apr 12, 2026

@raboof @dave2wave -> I need your sanity check if what I display about the token is fine

dave2wave
dave2wave approved these changes Apr 12, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@dave2wave dave2wave left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks reasonable. Wait for @raboof 's review too.

@dave2wave
Copy link
Copy Markdown
Member

dave2wave commented Apr 12, 2026

Got @raboof approval through slack.

@dave2wave dave2wave merged commit 57d1f3c into main Apr 12, 2026
6 checks passed
@dave2wave dave2wave deleted the use-allowlist-workflow-token branch April 12, 2026 18:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dave2wave dave2wave dave2wave approved these changes

@raboof raboof Awaiting requested review from raboof

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@potiuk @dave2wave