Conversation
…date docs Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
token (not github-token) for actions/checkout
There was a problem hiding this comment.
Pull request overview
Aligns checkout token naming so that checkout.github-token frontmatter compiles to the correct actions/checkout input (token), and prevents regressions via tests/docs updates.
Changes:
- Added a regression subtest ensuring additional checkout steps emit
token:and nevergithub-token:. - Updated trial mode test diagnostics/comments to reference
token(matching current compiled output). - Documented the frontmatter key vs compiled action input name mapping in the frontmatter reference docs.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| pkg/workflow/trial_mode_test.go | Updates comments/error strings to match token naming in compiled checkout steps. |
| pkg/workflow/checkout_manager_test.go | Adds regression test to ensure additional checkouts emit token (not github-token). |
| docs/src/content/docs/reference/frontmatter.md | Adds a NOTE clarifying github-token (frontmatter) → token (compiled actions/checkout input). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
@copilot align field name to actions/checkout since we will be fighting the model habits on this. Rename "checkout.github-token" to "checkout.token" |
Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
…checkout input name Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Done in 2ff9304. Renamed Warning Firewall rules blocked me from connecting to one or more addresses (expand for details)I tried to connect to the following addresses, but was blocked by firewall rules:
If you need me to access, download, or install something from one of these locations, you can either:
|
token (not github-token) for actions/checkoutcheckout.github-token to checkout.token for actions/checkout
|
@copilot make sure the JSON schema type checkout does not allow additional protperties + fix any agentic workflow using checkout to the new syntax |
Both items are already handled by the previous commit (2ff9304):
|
PR #18878 renamed the checkout frontmatter field from `github-token` to `token` to align with the actual `actions/checkout` input name. No codemod was added for this rename, so users with existing workflows using the old field name must update it manually. Add a callout in the upgrading guide's "Common Changes" section to inform users of this required manual migration. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
actions/checkoutexpects the input namedtoken, notgithub-token. This PR renames the frontmatter fieldcheckout.github-token→checkout.tokento align the user-facing name with the action's actual input, eliminating any confusion between the two.Changes
CheckoutConfigstruct (checkout_manager.go): Renamed fieldGitHubToken→Tokenwith JSON tag"token,omitempty". Updated theadd()merging logic and theParseSingleCheckoutConfigparser to usem["token"]. Removed now-unnecessary comments explaining thegithub-token→tokenmapping.Schema (
pkg/parser/schemas/main_workflow_schema.json): Renamed the"github-token"property to"token"in thecheckoutConfigdefinition.Regression test (
checkout_manager_test.go): Added subtestadditional checkout emits token not github-tokeninTestGenerateAdditionalCheckoutStepsasserting thatgenerateCheckoutStepLinesemitstoken:and nevergithub-token:. Updated allCheckoutConfigfield references fromGitHubToken:toToken:and map key"github-token"to"token"in parse tests.Test cleanup (
trial_mode_test.go): Improved comments to clarify that the test checks for absence of an implicit/default token when the workflow doesn't configure one.Docs (
reference/frontmatter.md,reference/cross-repository.md): Updated all checkout examples to usetoken:instead ofgithub-token:. Non-checkout contexts (tools.github,safe-outputs) are unchanged.Original prompt
This section details on the original issue you should resolve
<issue_title>Fix checkout frontmatter: emit token (not github-token) for actions/checkout</issue_title>
<issue_description>## Fix checkout frontmatter: emit
token(notgithub-token) for actions/checkoutBug summary
When
checkoutfrontmatter includes a customgithub-token, the compiler emits anactions/checkoutstep with agithub-tokeninput. The actions/checkout action expects the input nametoken, so custom tokens do not work and checkout can fail or use the wrong credentials.Analysis
Root cause: In
pkg/workflow/checkout_manager.go, the YAML for theactions/checkoutstep is built with the literal keygithub-tokenin two places:GenerateDefaultCheckoutStep: when applying user overrides (non–trial mode), it emitsfmt.Fprintf(&sb, " github-token: %s\n", override.token).generateCheckoutStepLines: for additional checkout steps it emitsfmt.Fprintf(&sb, " github-token: %s\n", entry.token).The actions/checkout action only accepts the input
token. The same file already usestokencorrectly for trial mode at line 222:fmt.Fprintf(&sb, " token: %s\n", effectiveToken). The fix is to emittoken(notgithub-token) wherever the token is passed toactions/checkout. The frontmatter key can remaingithub-token(user-facing); only the emitted YAML key for the action input must betoken.Implementation plan
Please implement the following so an agent can execute it step by step.
1. Fix YAML emission in
pkg/workflow/checkout_manager.goIn
GenerateDefaultCheckoutStep(around line 233–235): whenoverride.token != "", emit the input astoken, notgithub-token.Change:
fmt.Fprintf(&sb, " github-token: %s\n", override.token)to:
fmt.Fprintf(&sb, " token: %s\n", override.token).In
generateCheckoutStepLines(around line 276–278): whenentry.token != "", emit the input astoken, notgithub-token.Change:
fmt.Fprintf(&sb, " github-token: %s\n", entry.token)to:
fmt.Fprintf(&sb, " token: %s\n", entry.token).No other changes in this file are required: struct fields and parsing can keep the name
GitHubToken/github-tokenfor frontmatter/schema; only the generated action input name must betoken.2. Update tests that assert on
github-tokenin checkout stepspkg/workflow/checkout_manager_test.gogithub-token:in the generated checkout step YAML with expectations oftoken:(same value, different key)."github-token: ${{ secrets.MY_TOKEN }}"to"token: ${{ secrets.MY_TOKEN }}"(and similar cases in that file).pkg/workflow/checkout_optimization_test.gotoken: ${{ secrets.CUSTOM_TOKEN }}(line 94). Ensure no remaining expectations usegithub-tokenfor the checkout step; if any do, update them totoken.pkg/workflow/trial_mode_test.gotokenin the checkout step’swith:block (since the correct input name istoken). Adjust comments and assertions accordingly.pkg/workflow/pr_checkout_test.gogithub-tokenin the “Checkout PR branch” step. That step usesactions/github-script, notactions/checkout. The actions/github-script action uses the inputgithub-token. So leave this test unchanged; only theactions/checkoutsteps should usetoken.3. Optional: add a regression test
pkg/workflow/checkout_manager_test.go(or a dedicated test), add a case that:GitHubToken: "${{ secrets.MY_TOKEN }}").GenerateDefaultCheckoutStepor the helper that produces the additional checkout steps.token: ${{ secrets.MY_TOKEN }}and does not containgithub-token:in the same step (to avoid regressing to the wrong input name).4. Documentation
pkg/workflow/checkout_manager.go, the comment around lines 19–21 shows an example withgithub-token:in the YAML. Update that example so it shows the emitted format: usetoken:in the example of the generated step (or add a short note that the frontmatter keygithub-tokenis emitted as thetokeninput foractions/checkout).docs/orpkg/parser/schemasdocument the checkout step output format, ensure they state that the compiler emitstokenfo...💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.
✨ PR Review Safe Output Test - Run 22526334288