SG-40595 Change Git access to HTTPS using a Github App #65
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
This PR migrates authentication from SSH keys to GitHub App tokens for Git operations in Azure DevOps pipelines. The change introduces a Python script to generate GitHub App access tokens and updates the configuration update process to use HTTPS with token-based authentication instead of SSH.
- Replaces SSH-based Git authentication with GitHub App token authentication
- Adds Python script to generate GitHub App installation tokens using JWT
- Updates Git configuration to use GitHub App credentials instead of hardcoded user details
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| internal/update-configuration.yml | Adds GitHub App token generation script and updates Git authentication method |
| internal/release-to-appstore.yml | Adds TODO comment about migrating SSH clone to new authentication method |
| azure-pipelines.yml | Adds GitHub App variable group with concern about manual addition to all repos |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
Better for performance but also to handle incompatibilities
julien-lang
force-pushed
the
ticket/SG-40595-migration-toolkitty-github-app
branch
from
c9e9808 to
0d4ecfb
Compare
julien-lang
changed the base branch from
master
to
ticket/SG-40595-minor-improvements
julien-lang
force-pushed
the
ticket/SG-40595-migration-toolkitty-github-app
branch
from
0d4ecfb to
ada06f7
Compare
julien-lang
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR changes the way CI scripts access Git repositories.
First it nows uses HTTPS instead of SSH. For making that happens, we create a Git credential manager for the session. The manager simply reads the
GH_ACCESS_TOKENenvironment variable.Then, we use the Github Rest API to generate a App Installation Access Token. This token is only valid for 2 hour.