simoneb
commented
1 year ago @syedfarhanNF can you please look into this? It requires changing the workflow to pass the env var for the token, populated from the gh secret called GH_AUTH_TOKEN
Open mcollina opened 1 year ago
simoneb
commented
1 year ago @syedfarhanNF can you please look into this? It requires changing the workflow to pass the env var for the token, populated from the gh secret called GH_AUTH_TOKEN
syedfarhanNF
commented
1 year ago You will need to create a new secret if doesn't already exist called GH_AUTH_TOKEN. Then modify the github workflow for deployment so it passes this secret into the containers environment variables.
id: 'deploy'
uses: google-github-actions/deploy-cloudrun@v1
with:
service: ${{ secrets.GCP_CLOUDRUN_SERVICE_NAME }}
region: ${{ secrets.GCP_CLOUDRUN_SERVICE_REGION }}
project_id: ${{ secrets.GCP_PROJECT_ID }}
flags: --allow-unauthenticated --timeout 1800
env_vars: |
GH_AUTH_TOKEN=${{ secrets.GH_AUTH_TOKEN }}
source: .@syedfarhanNF can you please send a PR to modify the workflow?
simoneb
commented
1 year ago note that the secret is already in the repo although I don't know what value it has. @mcollina it would be good to populate it with a value with very limited permissions
mcollina
commented
1 year ago I think it's set up correctly. let's see if it works.
syedfarhanNF
commented
1 year ago @simoneb @mcollina Heres a PR with updated workflow and updated readme with access token details #130
syedfarhanNF
commented
1 year ago Hi @mcollina,
GH_AUTH_TOKEN. Paste the new token into this.That should be all thats required from you. We can then merge this PR.
mcollina
commented
1 year ago Creating a personal access token is a security nightmare. We should use the new fine-grained ones.
simoneb
commented
1 year ago The issue with fine grained tokens is that they expire. Apart from that, they will work the same as the others
From https://github.com/mercurius-js/mercurius/issues/941#issuecomment-1399230693:
@simoneb how do I configure this with a token?