This is groundwork for using `{{ github.token }}` everywhere. We will need to add `permissions` to a few places to make the built-in GitHub Actions workflow integration PAT more powerful than how it comes by default: https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/

I believe this is the optimal way to proceed to make the PR ready:

- `GH_PAT`/`token` through `env` to other GitHub Actions
  - `actions/checkout` - we can probably just not pass `token` to this right?
  - `upptime/uptime-monitor` - we should make a PR like this there first and use `{{ github.token }}` + `permissions` there instead of `GH_PAT` first and then drop the `env` here as a proof of concept
  - `upptime/updates` - we should make a PR like this there first and use `{{ github.token }}` + `permissions` there instead of `GH_PAT` first and then drop the `env` here as a proof of concept
  - `benc-uk/workflow-dispatch` - we should make a contribution there first to not need `token` and instead use `{{ github.token }}` + `permissions`
    - This is already kind of done here: Regression on token permissions benc-uk/workflow-dispatch#52, so theoretically we just need to pass `permissions` instead of `token`.
  - `peaceiris/actions-gh-pages` - we should make a contribution there first to not need `github_token` and instead use `{{ github.token }}` + `permissions`
    - This is covered here: https://github.com/peaceiris/actions-gh-pages#%EF%B8%8F-first-deployment-with-github_token. When we don't pass a custom PAT there is an extra step needed in the GitHub Pages setup it seems. IMO worth doing this even with this extra step because that's just one step whereas as of now making the PAT is a series of steps.
- `GH_PAT` from the main repo (this PR) and add `permissions` with the necessary permissions

I will try to contribute changes to the external dependencies first (`benc-uk/workflow-dispatch` and `peaceiris/actions-gh-pages`) to see if using `{{ github.token }}` and `permissions` there is even feasible. That will tell us whether this whole endeavor is doable at all. I think it should work but I don't know yet.

I will leave this draft PR open while I do this and update the steps here as I progress.
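The migration described above, sketched as an added example that is not taken from this PR or from the Upptime workflows: a job that passed a long-lived `GH_PAT` secret, next to the same job using the per-run `github.token` with an explicit `permissions` block. The workflow name, job name, `publish_dir` value, action version tags and the chosen permission scopes are assumptions for illustration.

```yaml
# Added example; names, paths and scopes below are assumptions, not the project's config.
name: example-site-deploy          # hypothetical workflow name
on:
  workflow_dispatch:

# --- Before: long-lived personal access token stored as a repository secret ---
# The PAT carries whatever scopes its owner granted, across every repository
# that owner can reach, and it stays valid until it is revoked or expires.
#
# jobs:
#   deploy:
#     runs-on: ubuntu-latest
#     steps:
#       - uses: actions/checkout@v4
#         with:
#           token: ${{ secrets.GH_PAT }}
#       - uses: peaceiris/actions-gh-pages@v3
#         with:
#           github_token: ${{ secrets.GH_PAT }}
#           publish_dir: ./public

# --- After: per-run token, scoped to this repository, least privilege ---
# Workflow-level default: read-only. Jobs opt in to anything more.
permissions:
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    # Job-level block replaces the workflow default for this job only.
    permissions:
      contents: write              # assumption: needed to push the published branch
    steps:
      # No `token` input: actions/checkout falls back to github.token.
      - uses: actions/checkout@v4
      - uses: peaceiris/actions-gh-pages@v3
        with:
          github_token: ${{ github.token }}
          publish_dir: ./public    # hypothetical build output directory
```

Any scope not listed in a `permissions` block is set to `none` for that job, so each scope a step needs has to be added explicitly.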