Skip to content

DT-3284: Fix GitHub App authentication flow in dispatch workflows #326

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
rossnelson merged 1 commit into from
Sep 5, 2025
Merged

DT-3284: Fix GitHub App authentication flow in dispatch workflows #326

rossnelson merged 1 commit into from
Sep 5, 2025

Conversation

@rossnelson
Copy link
Collaborator

@rossnelson rossnelson commented Sep 5, 2025
edited by atlassian bot
Loading

Summary

Moves GitHub App authentication setup to the workflows themselves to ensure proper token usage throughout the entire workflow.

Problem

Push operations were failing with: "Required workflow 'Check for CODEOWNERS' is not satisfied"

The issue was that we need the GitHub App token from the very beginning of the workflow, including for the checkout step.

Solution

Following the pattern from temporal-worker-controller release workflow:

  • Generate GitHub App token as first step in dispatch workflows
  • Use token for checkout with fetch-depth: 0
  • Configure Git and gh CLI auth after checkout
  • Simplify commit-changes action to only handle commits

Testing

The changes will be validated when the next dispatch workflow runs after merging.

Jira

DT-3284

@rossnelson
fix(ci): move auth setup to workflows for proper token usage
55155d4 
- Generate GitHub App token as first step in dispatch workflows
- Use token for checkout with fetch-depth: 0
- Configure Git and gh CLI auth after checkout
- Simplify commit-changes action to only handle commits
- Follows pattern from temporal-worker-controller release workflow

This ensures the GitHub App token is used throughout the entire
workflow, addressing repository rule violations for push operations.

Jira: DT-3284
@rossnelson rossnelson requested a review from a team as a code owner September 5, 2025 14:36
@rossnelson rossnelson requested review from GiantRobots and removed request for a team September 5, 2025 14:36
@rossnelson rossnelson merged commit 56a9ad8 into main Sep 5, 2025
7 checks passed
@rossnelson rossnelson deleted the dt-3284-fix-workflow-auth branch September 5, 2025 14:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@GiantRobots GiantRobots Awaiting requested review from GiantRobots GiantRobots is a code owner automatically assigned from temporalio/frontend-engineering

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rossnelson