File tree Expand file tree Collapse file tree
.azure-pipelines/generation-templates Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -56,10 +56,13 @@ parameters:
5656 type : string
5757 default : " -e '/copilot' -e '/copilot/**'"
5858
59- # When true, the target repository is read anonymously (public repo) and the generated
60- # files are pushed using a GitHub App installation token instead of a PAT-backed service
61- # connection. PR creation is App-based regardless. Defaults to false to preserve the
62- # existing service connection based behaviour for the microsoftgraph SDK repos.
59+ # Set this to true for target repos that live in a different GitHub org than the shared
60+ # service connection covers. Those repos can't ride on that connection and historically
61+ # needed their own separate PAT-backed one. This flag removes that PAT by reusing the
62+ # GitHub App identity (which already creates the PRs) for the push as well.
63+ #
64+ # Defaults to false, which keeps the other SDK repos on their existing service-connection
65+ # checkout/push flow, unchanged.
6366- name : useGitHubAppAuth
6467 type : boolean
6568 default : false
8386 fetchDepth : 1
8487 persistCredentials : true
8588
86- # App-auth path: the target repo is public, so clone it anonymously (no PAT). The push
87- # remote is switched to a GitHub App token in a later step before the push happens.
89+ # App-auth path: read the target with no credential. This is possible because the repo is
90+ # public - it is not why App auth is used (see the useGitHubAppAuth param notes). The push
91+ # remote is switched to a GitHub App token in a later step, before the push happens.
8892- ${{ if eq(parameters.useGitHubAppAuth, true) }} :
8993 - pwsh : |
9094 $repoDir = "$(Build.SourcesDirectory)/${{ parameters.repoName }}"
Original file line number Diff line number Diff line change 22# Licensed under the MIT License.
33
44# Configure the 'origin' push URL of an already-cloned repository to authenticate with a
5- # GitHub App installation token instead of a PAT. The fetch URL is left untouched so reads
6- # stay anonymous for public repositories.
5+ # GitHub App installation token instead of a PAT. This lets a repo be pushed to using the
6+ # App identity (the same one that opens the PRs), which removes the need for a dedicated
7+ # PAT when the repo isn't covered by the pipeline's shared service connection.
78#
9+ # Only the push URL is changed; the fetch URL is left untouched (repos are public hence reads
10+ # can be maintained as anonymous).
811# Required environment variables:
912# GhAppId - GitHub App client ID (from AKV)
1013# GhAppKey - GitHub App private key (from AKV)
You can’t perform that action at this time.
0 commit comments