X-Guardian
commented
2 weeks ago Thanks for this @meringu. Can you test with one of the following container images: dev-debian-240b6b1 or dev-alpine-240b6b1
Closed meringu closed 2 weeks ago
X-Guardian
commented
2 weeks ago Thanks for this @meringu. Can you test with one of the following container images: dev-debian-240b6b1 or dev-alpine-240b6b1
meringu
commented
2 weeks ago Sorry for the delay @X-Guardian. I had mounted my secret with a K8s subPath, which meant the token wasn't rotating on the container volume during my tests.
I've corrected that, and can now run plans over an hour long, proving that the token is being rotated, as my tokens only last one hour.
This looks ready to go from my point of view. Thanks!
what
Quick follow up to #3208.
I noticed during testing that we need to also set the token file here. I believe I must have been testing by running against a PR with a commit that was already checked out on the persistent volume. Atlantis detected that it didn't need to perform a
git clonecommand.I've updated my testing to include testing with a new PR and new commit, forcing a clean checkout.
why
The GitHub client credentials are separate to the git client credentials, so we must set the token file here too when configuring Atlantis for a token file rather than the token directly.
tests
Tested this with a clean clone in my environment.
references
3208