Skip to content

Commit c4d053e

Browse files
vijayCartaclaude
andauthored
fix: revert provenance auth to PLUGIN_PUBLISH_TOKEN (#33)
## Summary - Reverts provenance check auth from GitHub App token back to `PLUGIN_PUBLISH_TOKEN` PAT - PR #23 introduced `CARTA_CI_APP_ID` / `CARTA_CI_APP_PRIVATE_KEY` secrets that were never added to this repo, breaking all provenance checks since merge ## Changes Made - Removed `actions/create-github-app-token@v1` step - Restored `PLUGIN_PUBLISH_TOKEN` as the auth token for cross-repo API calls - All other provenance logic (published_content_hash, deletion handling) preserved ## Test plan - [ ] Provenance check passes on this PR - [ ] Verify cross-repo access to `carta/claude-marketplace` works with the PAT ## Related - Fixes regression from PR #23 - Unblocks PR #32 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude <noreply@anthropic.com>
1 parent e3edd45 commit c4d053e

1 file changed

Lines changed: 1 addition & 7 deletions

File tree

.github/workflows/provenance-check.yml

Lines changed: 1 addition & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -13,12 +13,6 @@ jobs:
1313
runs-on: ubuntu-latest
1414
steps:
1515
- uses: actions/checkout@v4
16-
- uses: actions/create-github-app-token@v1
17-
id: app-token
18-
with:
19-
app-id: ${{ secrets.CARTA_CI_APP_ID }}
20-
private-key: ${{ secrets.CARTA_CI_APP_PRIVATE_KEY }}
21-
repositories: claude-marketplace
2216
- name: Identify changed plugins
2317
id: changes
2418
run: |
@@ -39,7 +33,7 @@ jobs:
3933
if: steps.changes.outputs.changed_plugins != ''
4034
run: python .github/scripts/verify-provenance.py "$CHANGED_PLUGINS"
4135
env:
42-
GH_TOKEN: ${{ steps.app-token.outputs.token }}
36+
GH_TOKEN: ${{ secrets.PLUGIN_PUBLISH_TOKEN || github.token }}
4337
PROVENANCE_REPO: ${{ vars.PROVENANCE_REPO }}
4438
CHANGED_PLUGINS: ${{ steps.changes.outputs.changed_plugins }}
4539
- name: Post failure comment

0 commit comments

Comments
 (0)