Merged
6 changes: 6 additions & 0 deletions .github/actions/cpflow-setup-environment/action.yml
Expand Up @@ -96,6 +96,12 @@ runs:
exit 1
fi

# Keep the service-account token available to later cpflow/cpln steps.
# The profile stores org/default metadata, but cpflow direct API calls
# read CPLN_TOKEN before falling back to `cpln profile token`.
echo "::add-mask::${CPLN_TOKEN}"
printf 'CPLN_TOKEN=%s\n' "${CPLN_TOKEN}" >> "${GITHUB_ENV}"
Comment on lines +99 to +103


P2 Heredoc form is safer for multi-line values — writing a simple NAME=VALUE line to the environment file would be silently truncated if the value ever contained an embedded newline. GitHub Actions documentation recommends the heredoc delimiter syntax for values that may span multiple lines.


The printf '%s\n' form is fine for a standard service-account token (no embedded newlines), but if the token format ever changed, a newline inside the value would silently truncate CPLN_TOKEN in GITHUB_ENV. GitHub's recommended pattern for potentially multi-line values is the heredoc-delimiter syntax:

Suggested change
printf 'CPLN_TOKEN=%s\n' "${CPLN_TOKEN}" >> "${GITHUB_ENV}"
{
echo "CPLN_TOKEN<<CPLN_EOF"
printf '%s\n' "${CPLN_TOKEN}"
echo "CPLN_EOF"
} >> "${GITHUB_ENV}"

Non-blocking — the current form is safe for a JWT/Control Plane token. Flagging only because changing it later would be easy to forget.
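
The newline case both review comments raise, next to the heredoc form, as an added example that is not part of the PR or of the reviewers' suggestion. It goes one step past the suggestion by using a random delimiter, since a fixed one such as `CPLN_EOF` would end the entry early if the value ever contained that line; `write_env_var` and `read_env_var` are hypothetical helper names, and `read_env_var` is a simplified stand-in for how the environment file is read.

```bash
# Added example, not from the PR. write_env_var and read_env_var are
# hypothetical helpers; the token value below is constructed.
NL='
'

# Append NAME to an Actions environment file in heredoc form with a random
# delimiter, so no line of the value can end the entry early.
write_env_var() {
  local name="$1" value="$2" file="$3" delim
  delim="ghadelimiter_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
  if printf '%s\n' "$value" | grep -qxF -- "$delim"; then
    echo "refusing: value contains the delimiter line" >&2
    return 1
  fi
  { printf '%s<<%s\n' "$name" "$delim"
    printf '%s\n' "$value"
    printf '%s\n' "$delim"; } >> "$file"
}

# Simplified reader for the two entry forms (NAME=value, NAME<<DELIM..DELIM).
# Prints the last value assigned to NAME; returns 1 if NAME is never set.
read_env_var() {
  local file="$1" want="$2" line eq hd name delim body sep out="" found=1
  while IFS= read -r line; do
    eq="${line%%=*}"; hd="${line%%<<*}"
    if [ "${#eq}" -lt "${#hd}" ]; then        # '=' first: one-line form
      name="$eq"; body="${line#*=}"
    elif [ "${#hd}" -lt "${#line}" ]; then    # '<<' first: heredoc form
      name="$hd"; delim="${line#*<<}"; body=""; sep=""
      while IFS= read -r line && [ "$line" != "$delim" ]; do
        body="${body}${sep}${line}"; sep="$NL"
      done
    else
      continue                                 # not an entry
    fi
    if [ "$name" = "$want" ]; then out="$body"; found=0; fi
  done < "$file"
  if [ "$found" -eq 0 ]; then printf '%s' "$out"; fi
  return "$found"
}

env_file="$(mktemp)"
bad_value="token-part-1${NL}INJECTED=1"                 # constructed value
printf 'CPLN_TOKEN=%s\n' "$bad_value" >> "$env_file"    # one-line form from the diff
echo "one-line form: INJECTED=$(read_env_var "$env_file" INJECTED || echo '<unset>')"
: > "$env_file"
write_env_var CPLN_TOKEN "$bad_value" "$env_file"
echo "heredoc form:  INJECTED=$(read_env_var "$env_file" INJECTED || echo '<unset>')"
rm -f "$env_file"
```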


# `cpln profile update` lists `create` as an alias (cpln profile --help) and is
# idempotent: it creates the profile if missing and updates it otherwise. Calling
# update directly avoids parsing the CLI's "already exists" English error text,
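
Review bot: the `printf 'CPLN_TOKEN=%s\n' "${CPLN_TOKEN}" >> "${GITHUB_ENV}"` line puts the service-account token into the environment of every later step in the job, which is wider than the "later cpflow/cpln steps" the new comment names. Say so in the comment, or set `CPLN_TOKEN` through `env:` on the steps that need it where the callers allow that. Both added lines also assume a single-line value: with an embedded newline, `::add-mask::` would cover only the first line and the remainder would land in `GITHUB_ENV` as a line of its own, so a check that rejects a token containing a newline, placed before these two lines, would make that assumption explicit.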