Skip to content

Commit 3ff952d

Browse files
vorporealoz-agent
andcommitted
Move app_id from secret to input; fix duplicate with: blocks
app_id is not sensitive (it's a numeric identifier visible on the App settings page), so it's better as a repo variable than a secret. Consumers set: - Variable: REPO_SYNC_APP_ID (via vars) - Secret: REPO_SYNC_APP_PRIVATE_KEY (via secrets) Co-Authored-By: Oz <oz-agent@warp.dev>
1 parent 661ea02 commit 3ff952d

5 files changed

Lines changed: 16 additions & 13 deletions

File tree

.github/workflows/escalation.yml

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -31,10 +31,11 @@ on:
3131
description: "Private repo (e.g. warpdotdev/warp-internal)."
3232
required: true
3333
type: string
34-
secrets:
3534
app_id:
3635
description: "GitHub App ID."
3736
required: true
37+
type: string
38+
secrets:
3839
app_private_key:
3940
description: "GitHub App private key."
4041
required: true
@@ -54,7 +55,7 @@ jobs:
5455
id: token
5556
uses: actions/create-github-app-token@v1
5657
with:
57-
app-id: ${{ secrets.app_id }}
58+
app-id: ${{ inputs.app_id }}
5859
private-key: ${{ secrets.app_private_key }}
5960
owner: ${{ github.repository_owner }}
6061
- run: echo "GH_TOKEN=${{ steps.token.outputs.token }}" >> "$GITHUB_ENV"

.github/workflows/restack.yml

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -24,10 +24,11 @@ on:
2424
required: false
2525
type: string
2626
default: "@oncall-client-primary"
27-
secrets:
2827
app_id:
2928
description: "GitHub App ID."
3029
required: true
30+
type: string
31+
secrets:
3132
app_private_key:
3233
description: "GitHub App private key."
3334
required: true
@@ -81,7 +82,7 @@ jobs:
8182
id: token
8283
uses: actions/create-github-app-token@v1
8384
with:
84-
app-id: ${{ secrets.app_id || secrets.REPO_SYNC_APP_ID }}
85+
app-id: ${{ inputs.app_id }}
8586
private-key: ${{ secrets.app_private_key || secrets.REPO_SYNC_APP_PRIVATE_KEY }}
8687
owner: ${{ github.repository_owner }}
8788
- name: Set GH_TOKEN

.github/workflows/sync.yml

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -25,10 +25,11 @@ on:
2525
required: false
2626
type: string
2727
default: ""
28-
secrets:
2928
app_id:
3029
description: "GitHub App ID."
3130
required: true
31+
type: string
32+
secrets:
3233
app_private_key:
3334
description: "GitHub App private key."
3435
required: true
@@ -48,7 +49,7 @@ jobs:
4849
id: token
4950
uses: actions/create-github-app-token@v1
5051
with:
51-
app-id: ${{ secrets.app_id }}
52+
app-id: ${{ inputs.app_id }}
5253
private-key: ${{ secrets.app_private_key }}
5354
owner: ${{ github.repository_owner }}
5455
- uses: actions/checkout@v4

README.md

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -103,7 +103,7 @@ on:
103103
schedule:
104104
- cron: "*/15 * * * *" # triggers escalation checks
105105
106-
# store the GitHub App installation token as REPO_SYNC_TOKEN in repo secrets.
106+
# store REPO_SYNC_APP_ID as a variable and REPO_SYNC_APP_PRIVATE_KEY as a secret.
107107
# each job only runs when its trigger condition matches, so no wasted runs.
108108
109109
jobs:
@@ -113,8 +113,8 @@ jobs:
113113
with:
114114
public_repo: warpdotdev/warp-public
115115
private_repo: warpdotdev/warp-internal
116+
app_id: ${{ vars.REPO_SYNC_APP_ID }}
116117
secrets:
117-
app_id: ${{ secrets.REPO_SYNC_APP_ID }}
118118
app_private_key: ${{ secrets.REPO_SYNC_APP_PRIVATE_KEY }}
119119
120120
restack:
@@ -123,8 +123,8 @@ jobs:
123123
with:
124124
public_repo: warpdotdev/warp-public
125125
private_repo: warpdotdev/warp-internal
126+
app_id: ${{ vars.REPO_SYNC_APP_ID }}
126127
secrets:
127-
app_id: ${{ secrets.REPO_SYNC_APP_ID }}
128128
app_private_key: ${{ secrets.REPO_SYNC_APP_PRIVATE_KEY }}
129129
130130
escalation:
@@ -135,8 +135,8 @@ jobs:
135135
escalate_after: "1h"
136136
public_repo: warpdotdev/warp-public
137137
private_repo: warpdotdev/warp-internal
138+
app_id: ${{ vars.REPO_SYNC_APP_ID }}
138139
secrets:
139-
app_id: ${{ secrets.REPO_SYNC_APP_ID }}
140140
app_private_key: ${{ secrets.REPO_SYNC_APP_PRIVATE_KEY }}
141141
```
142142

examples/consuming-repo-sync.yml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -44,9 +44,9 @@ jobs:
4444
public_repo: warpdotdev/warp-public
4545
private_repo: warpdotdev/warp-internal
4646
escalate_to: "@oncall-client-primary"
47+
app_id: ${{ vars.REPO_SYNC_APP_ID }}
4748
# slack_webhook_url: ${{ secrets.REPO_SYNC_SLACK_WEBHOOK }}
4849
secrets:
49-
app_id: ${{ secrets.REPO_SYNC_APP_ID }}
5050
app_private_key: ${{ secrets.REPO_SYNC_APP_PRIVATE_KEY }}
5151

5252
# -----------------------------------------------------------------------
@@ -62,8 +62,8 @@ jobs:
6262
public_repo: warpdotdev/warp-public
6363
private_repo: warpdotdev/warp-internal
6464
escalate_to: "@oncall-client-primary"
65+
app_id: ${{ vars.REPO_SYNC_APP_ID }}
6566
secrets:
66-
app_id: ${{ secrets.REPO_SYNC_APP_ID }}
6767
app_private_key: ${{ secrets.REPO_SYNC_APP_PRIVATE_KEY }}
6868

6969
# -----------------------------------------------------------------------
@@ -77,6 +77,6 @@ jobs:
7777
escalate_after: "1h"
7878
public_repo: warpdotdev/warp-public
7979
private_repo: warpdotdev/warp-internal
80+
app_id: ${{ vars.REPO_SYNC_APP_ID }}
8081
secrets:
81-
app_id: ${{ secrets.REPO_SYNC_APP_ID }}
8282
app_private_key: ${{ secrets.REPO_SYNC_APP_PRIVATE_KEY }}

0 commit comments

Comments
 (0)