Mic92 / nixpkgs-review

Review pull-requests on https://github.com/NixOS/nixpkgs
MIT License
390 stars, 66 forks

Stop reading OAuth token from `GITHUB_TOKEN` #219

Open asymmetric opened 3 years ago

asymmetric commented 3 years ago

As a follow-up to #168, support for reading a GitHub API token from GITHUB_TOKEN was implemented in https://github.com/Mic92/nixpkgs-review/commit/c837ed77481bd32ff0cc774f3df4344ffc3ba75a. I actually think this is a bad idea.

The gh docs state that the required scopes for this token include `repo`, which gives full admin access to all repos, including private ones. This means that nixpkgs-review now has access to those as well.

Wouldn't it make more sense to have a nixpkgs-review specific env var, pointing to a compartmentalized token?

Note that it's not possible to run `gh auth login --with-token` when the `GITHUB_TOKEN` env var is set, so if you (like me) want to keep the two tokens separate, you'd always have to specify `--token` in nixpkgs-review.

asymmetric commented 3 years ago

OTOH, I should assume that any program with access to the environment could theoretically read the `GITHUB_TOKEN` env var, so some could argue this is "security theater" :thinking:

Mic92 commented 3 years ago

What is your threat model that we would prevent by not using the token that is already there? Rather than an environment variable I would rather add an additional file.
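To make the two proposals in this thread concrete (asymmetric's dedicated, compartmentalized token and Mic92's preference for a token file over another environment variable), here is an added example of how a tool could resolve its token in that order and refuse to fall back to the broad `GITHUB_TOKEN` unless explicitly allowed. This is illustration written for this page, not nixpkgs-review's own code: the variable name `NIXPKGS_REVIEW_TOKEN`, the file path under `~/.config/nixpkgs-review/`, the `--token`-style `cli_token` parameter and all helper names are assumptions. The scope check parses GitHub's `X-OAuth-Scopes` response header, which the API returns for classic personal access tokens; the sample header values below are constructed.

```python
"""Compartmentalized token resolution for a PR-review tool (added example).

Not nixpkgs-review's code. NIXPKGS_REVIEW_TOKEN, DEFAULT_TOKEN_FILE and the
helper names are assumptions made for illustration.
"""
import os
import stat
from pathlib import Path
from typing import Mapping, Optional

# Hypothetical dedicated variable, so the tool never needs gh's broad token.
DEDICATED_ENV_VAR = "NIXPKGS_REVIEW_TOKEN"
# Hypothetical token file, the "additional file" alternative to an env var.
DEFAULT_TOKEN_FILE = Path.home() / ".config" / "nixpkgs-review" / "token"


class TokenError(RuntimeError):
    """Raised when a token source exists but is unsafe to use."""


def read_token_file(path: Path) -> Optional[str]:
    """Return the token stored in `path`, refusing group/world-readable files."""
    if not path.is_file():
        return None
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise TokenError(f"{path} is readable by others (mode {mode:o}); chmod 600 it")
    token = path.read_text(encoding="utf-8").strip()
    return token or None


def resolve_token(
    cli_token: Optional[str] = None,
    env: Mapping[str, str] = os.environ,
    token_file: Path = DEFAULT_TOKEN_FILE,
    allow_github_token: bool = False,
) -> tuple[Optional[str], str]:
    """Pick a token by precedence and report which source supplied it.

    Order: explicit --token value, dedicated env var, token file, and only if
    the caller opts in, the broad GITHUB_TOKEN that gh also reads.
    """
    if cli_token:
        return cli_token, "cli"
    if env.get(DEDICATED_ENV_VAR):
        return env[DEDICATED_ENV_VAR], "env:" + DEDICATED_ENV_VAR
    file_token = read_token_file(token_file)
    if file_token:
        return file_token, "file:" + str(token_file)
    if allow_github_token and env.get("GITHUB_TOKEN"):
        return env["GITHUB_TOKEN"], "env:GITHUB_TOKEN"
    return None, "none"


def parse_oauth_scopes(header_value: str) -> frozenset[str]:
    """Parse GitHub's X-OAuth-Scopes header ('repo, read:org') into a set."""
    return frozenset(s.strip() for s in header_value.split(",") if s.strip())


# Scopes that let a token write to repositories, workflows or organizations;
# a tool that only reads pull requests has no reason to hold them.
OVERBROAD_SCOPES = frozenset({"repo", "admin:org", "write:org", "delete_repo", "workflow"})


def overbroad_scopes(header_value: str) -> frozenset[str]:
    """Return the granted scopes a read-only reviewer should not have."""
    return parse_oauth_scopes(header_value) & OVERBROAD_SCOPES


if __name__ == "__main__":
    # Constructed environment: only GITHUB_TOKEN is set, and it is ignored by default.
    token, origin = resolve_token(env={"GITHUB_TOKEN": "ghp_example"},
                                  token_file=Path("/nonexistent"))
    print(f"token source: {origin}")
    # Constructed header value as the API would return it for a gh-style token.
    print(sorted(overbroad_scopes("repo, read:org, gist")))
```

The file-permission check is the part that matters if a file is preferred over an environment variable: a token file the whole machine can read is no better than a variable every child process inherits, so the resolver refuses anything wider than mode 600 rather than silently using it.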