Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use GitHub Apps for workflow authentication #1725

Closed
jpower432 opened this issue Oct 14, 2024 · 0 comments · Fixed by #1726
Closed

Use GitHub Apps for workflow authentication #1725

jpower432 opened this issue Oct 14, 2024 · 0 comments · Fixed by #1726
Assignees
@jpower432
Labels
enhancement New feature or request

Comments

@jpower432
Copy link
Member

Issue description / feature objectives

Currently, user dependent authentication is used in GitHub Actions workflows. Using GitHub App would offer a future-proof, scalable way to authenticate in the repository.

Rationale

  • A GitHup App acts independently of a user, meaning if the user no longer has resource access it does not cause breakage
  • GitHub App tokens support fine-grained, short-lived tokens
  • GitHub Apps have a higher API rate limit than PATs

Caveats / Assumptions

None

Completion Criteria

  • Create a GitHub App that has proper access to fulfill our workflow needs
  • Update workflows to generate and revoke tokens

Resources
@jpower432 jpower432 added the enhancement New feature or request label Oct 14, 2024
@jpower432 jpower432 self-assigned this Oct 15, 2024
@jpower432 jpower432 mentioned this issue Oct 15, 2024
Merged
11 tasks
@jpower432 jpower432 moved this from New to In progress in Trestle Roadmap Oct 15, 2024
@jpower432 jpower432 moved this from In progress to In review in Trestle Roadmap Oct 16, 2024
@github-project-automation github-project-automation bot moved this from In review to Done in Trestle Roadmap Oct 21, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jpower432 jpower432

Labels
enhancement New feature or request
Projects
Trestle Roadmap
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

ci: updates GH credential strategy in the python-push.yml oscal-compass/compliance-trestle
1 participant
@jpower432