ci(test): remove PAT and Cachix token dependencies from the Test workflow#4159
Draft
Stevengre wants to merge 2 commits into
Draft
ci(test): remove PAT and Cachix token dependencies from the Test workflow#4159Stevengre wants to merge 2 commits into
Stevengre wants to merge 2 commits into
Conversation
…pushing The formatting job used JENKINS_GITHUB_PAT to push a fourmolu commit back to the PR branch. Remove the PAT dependency: run fourmolu and fail the job if any .hs file changed, prompting the author to format locally and commit. No write token or push is needed.
The k-framework Cachix cache is publicly readable, so no auth token is needed to use it as a substituter. Removing authToken makes cachix-action pull-only (no push-back to the cache), eliminating the token dependency. Cache repopulation is left to other authenticated workflows.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Removes both credential dependencies from the `Test` workflow, so it no longer relies on long-lived or manually-managed tokens.
Changes
Drop `JENKINS_GITHUB_PAT` from the formatting job.
The job previously used the PAT to push a fourmolu commit back to the PR branch. It now runs fourmolu and fails if any `.hs` file changed, prompting the author to format locally and commit. No write token or push is needed.
Drop `CACHIX_PUBLIC_TOKEN` (pull-only Cachix).
The `k-framework` Cachix cache is publicly readable, so no auth token is needed to use it as a substituter. Removing `authToken` makes `cachix-action` pull-only (no push-back). Cache repopulation is left to other authenticated workflows.
Notes