feat: allow separate PUSH_TOKEN to prevent activity feed pollution (Fixes #650)#654
feat: allow separate PUSH_TOKEN to prevent activity feed pollution (Fixes #650)#654zryyyy wants to merge 2 commits into
Conversation
github-actions
Bot
added
documentation
aravindvnair99
left a comment
aravindvnair99
left a comment
There was a problem hiding this comment.
Please revert the whitespace changes.
solusops
left a comment
solusops
left a comment
There was a problem hiding this comment.
Why are the template files and .github files being touched?
That is not the objective of the PR, I believe.
solusops
left a comment
solusops
left a comment
There was a problem hiding this comment.
Kindly revert any non-PR related file changes.
github-actions
Bot
removed
documentation
|
I have dropped the commit and reverted the whitespace/non-PR related file changes as requested. |
There was a problem hiding this comment.
Pull request overview
Adds support for using a separate token for git authentication (clone/push) than the token used for GitHub API data fetching, addressing Issue #650’s “activity feed pollution” concern by enabling pushes to be attributed to github-actions[bot].
Changes:
- Introduces an optional
PUSH_TOKENaction input (defaults to empty) to override the token used in the git remote URL. - Loads
INPUT_PUSH_TOKENin the environment manager. - Uses
PUSH_TOKEN(fallback toGH_TOKEN) when constructing the repo HTTPS URL for cloning/pushing.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
sources/manager_github.py |
Chooses between PUSH_TOKEN and GH_TOKEN when building the git remote URL used for clone/push. |
sources/manager_environment.py |
Reads the new INPUT_PUSH_TOKEN value into EnvironmentManager. |
action.yml |
Adds the PUSH_TOKEN input definition for the GitHub Action. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| default: ${{ github.token }} | ||
|
|
||
| PUSH_TOKEN: | ||
| description: 'GitHub token used for git push. Set to github.token to prevent polluting your activity feed.' |
There was a problem hiding this comment.
The new PUSH_TOKEN input is described as “Set to github.token”, but users typically must pass the expression ${{ github.token }} (and ensure the workflow has permissions: contents: write) for pushes to succeed. Consider updating the description to explicitly show ${{ github.token }}, mention the required permissions, and clarify that this token is used for git auth (clone/remote URL/push), not only the push step. Also, README workflow examples currently only mention GH_TOKEN and don’t document PUSH_TOKEN, so users may not discover the new option.
| description: 'GitHub token used for git push. Set to github.token to prevent polluting your activity feed.' | |
| description: 'GitHub token used for git authentication (clone/remote URL/push). To prevent polluting your activity feed, set this to `${{ github.token }}` and ensure your workflow has `permissions: contents: write`.' |
|
Hi @ok-coder1 @solusops, I've gone ahead and implemented the fallback mechanism we discussed in the latest commit (97a81b9). Here is a summary of the updates:
This approach allows us to use Could you please take another look when you have a moment? Let me know if you'd like any further adjustments! |
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
Hi @aravindvnair99 @solusops, could you please take another look when you have time? I’ve addressed the requested changes, and the PR is currently mergeable. If the current approach looks good, would you mind approving/merging it? Otherwise, please let me know what else needs to be changed. Thanks! |
- Add PUSH_TOKEN input to action.yml - Update EnvironmentManager to parse INPUT_PUSH_TOKEN - Use PUSH_TOKEN in GitHubManager for git remote URL if provided, otherwise fallback to GH_TOKEN
- Default `PUSH_TOKEN` to `${{ github.token }}` in action.yml.
- Validate `PUSH_TOKEN` permissions via API and fallback to `GH_TOKEN` if invalid or unauthorized.
This PR addresses Issue #650 by separating the token used for fetching data from the token used for git pushes.
Changes:
PUSH_TOKENinput: Users can now optionally provide aPUSH_TOKEN(like${{ github.token }}) for git push operations, while still using their personalGH_TOKENfor fetching API data.github-actions[bot]instead of the user's personal account, keeping the Activity Feed clean.PUSH_TOKENis not provided, the action safely falls back to usingGH_TOKEN.Closes #650.