fix: use GitHub App token in ci-health-check for cross-repo access
The CI/CD health check uses GITHUB_TOKEN which only has access to the .github repo. Listing workflow runs across the 6 plugin repos requires org-wide access, causing all repos to show "WARNING: No workflow runs found". Fix: generate a GitHub App token (using RELEASE_APP_ID/RELEASE_APP_PRIVATE_KEY, same as the release workflow) scoped to the org before running the health check script. Falls back to GITHUB_TOKEN gracefully via continue-on-error if the secrets are not yet configured. Once RELEASE_APP_ID is configured as an org secret (tracked separately), the health check will produce accurate cross-repo CI data. Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
@@ -12,8 +12,22 @@ jobs:
|
|||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@v6
|
uses: actions/checkout@v6
|
||||||
|
|
||||||
|
- name: Generate GitHub App token
|
||||||
|
id: app-token
|
||||||
|
uses: actions/create-github-app-token@v1
|
||||||
|
continue-on-error: true
|
||||||
|
with:
|
||||||
|
app-id: ${{ secrets.RELEASE_APP_ID }}
|
||||||
|
private-key: ${{ secrets.RELEASE_APP_PRIVATE_KEY }}
|
||||||
|
owner: privilegedescalation
|
||||||
|
|
||||||
- name: Run CI/CD health check
|
- name: Run CI/CD health check
|
||||||
env:
|
env:
|
||||||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
GH_TOKEN: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }}
|
||||||
run: |
|
run: |
|
||||||
./.github/scripts/ci-health-check.sh
|
if [ "${{ steps.app-token.outcome }}" = "success" ]; then
|
||||||
|
echo "Using GitHub App token for cross-repo access"
|
||||||
|
else
|
||||||
|
echo "::warning::RELEASE_APP_ID not configured — using GITHUB_TOKEN. Cross-repo workflow run data will be unavailable. Configure RELEASE_APP_ID org secret to enable full health check."
|
||||||
|
fi
|
||||||
|
./.github/scripts/ci-health-check.sh
|
||||||
|
|||||||
Reference in New Issue
Block a user