Skip to content

Use repository owner for scope by default#71

Open
tspascoal wants to merge 1 commit intogetsentry:mainfrom
tspascoal:main
Open

Use repository owner for scope by default#71
tspascoal wants to merge 1 commit intogetsentry:mainfrom
tspascoal:main

Conversation

@tspascoal
Copy link

@tspascoal tspascoal commented Jun 21, 2023
edited
Loading

closes #18

If scope parameter wasn't passed it used empty by default.

This means a token would be returned for the first installation id on the list.

If the app had a single install this would work fine, otherwise the user will get a token scope to an owner that (probably) didn't meant to.

With this change it now uses the current repo owner (org or account).

Note I don't think this is a breaking change, however some users could be accident getting the wrong scope but still it was they needed by chance (if it's the first installation and the first installation is not the current owner).

As a check this step can be used to list the repos to which the returned token has access to

- name: list repos accessible to token
   run: gh api /installation/repositories --paginate --jq .repositories.[].full_name
   env:
      GITHUB_TOKEN: ${{ steps.my-app.outputs.token }}

@tspascoal
Use repository owner for scope by default
829117b 
If scope parameter wasn't passed it used empty by default. 

This means a token would be returned for the first installation id on the list.

If the app had a single install this would work fine, otherwise the user will get a token scope to an owner that he didn't meant to
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Gets a random installation's token, not one that works for the current repo

1 participant

@tspascoal