Open tjcorr opened 4 months ago
Is it worth documenting both approaches, or are you convinced the PAT should be end of life? :) Either way, good to merge now!
I would argue that using the system token of the build service is strictly better than a PAT. No secret to store, nothing to rotate, etc...
Yeah, I think that there are pluses and minuses to both approaches - a PAT allows for custom permissions, but the System.AccessToken has much better maintainability at the expense of broader permissions radius (need to grant rights to the Build Service Acct, etc.)
That said - I think that most folks will understand that you can swap the System.AccessToken for a PAT.
This pull request mainly focuses on the changes in the src/pr-gating/CIVerify.yml and src/pr-gating/Setup.md files. The changes aim to improve security by replacing the Personal Access Token (PAT) with a system access token in the CIVerify.yml file and removing the steps for generating a new PAT in the Setup.md file. The changes also include adding instructions for granting permissions to the pipeline.
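
The swap discussed in this thread, as an added illustration that is not the contents of this PR's CIVerify.yml: a hypothetical Azure Pipelines step shown before (stored PAT) and after (System.AccessToken). The secret variable name MY_PAT, the env name AZDO_PAT and the build-list REST query are assumptions chosen for the example.

```yaml
# Added example, not code from this PR. MY_PAT, AZDO_PAT and the
# builds query are assumptions used only to show the two auth styles.
steps:
  # Before: a PAT kept as a secret pipeline variable. It has to be
  # created, scoped, stored and rotated by hand.
  - bash: |
      set -euo pipefail
      # A PAT is sent as HTTP Basic auth with an empty user name.
      curl --fail --silent --show-error \
        --user ":${AZDO_PAT}" \
        "${SYSTEM_COLLECTIONURI}${SYSTEM_TEAMPROJECT}/_apis/build/builds?api-version=7.0"
    displayName: Query builds with a stored PAT (before)
    env:
      # Secret variables reach a script only when mapped explicitly.
      AZDO_PAT: $(MY_PAT)

  # After: the job's own token, issued per run by the build service.
  # No secret to store and nothing to rotate.
  - bash: |
      set -euo pipefail
      # System.AccessToken is sent as a Bearer token.
      curl --fail --silent --show-error \
        --header "Authorization: Bearer ${SYSTEM_ACCESSTOKEN}" \
        "${SYSTEM_COLLECTIONURI}${SYSTEM_TEAMPROJECT}/_apis/build/builds?api-version=7.0"
    displayName: Query builds with System.AccessToken (after)
    env:
      # System.AccessToken is also not exposed to scripts by default;
      # it must be mapped into the step's environment like this.
      SYSTEM_ACCESSTOKEN: $(System.AccessToken)
```

With the second form, the calls run as the pipeline's build service identity, so that account needs rights on whatever the step touches, which is the permission grant the Setup.md change describes.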