Page MenuHomeFreeBSD

[skip ci] Add a github workflow step to validate the CODEOWNERS file
Needs ReviewPublic

Authored by asomers on Jun 21 2021, 6:44 PM.



Sponsored by: Axcient

Diff Detail

rS FreeBSD src repository - subversion
Lint OK
No Unit Test Coverage
Build Status
Buildable 40028
Build 36917: arc lint + arc unit

Event Timeline

asomers created this revision. added inline comments.

Is there a reason why a GitHub secret is not used?


Please explain:what is a "Github secret" and how does one use it?


Sure! A thorough explanation here:

A tl;dr would be:

Since this is a github_access_token (i.e. a password), albeit access-restricted, should be protected nonetheless.

For example, it may have read-only access to security/private branches belonging to that account, since the token is exposed to the public, anyone could read the contents of such branches.

By creating a GitHub secret —think of an environment variable for GitHub— you will be able to reference it in any workflow using ${{ secrets.DESCRIPTIVE_NAME }}.

For this particular case, after deleting the published one and creating a new one under the name of OWNERS_VALIDATOR_GITHUB_SECRET (for example), one can replace the last line with:

github_access_token: ${{ secrets.OWNERS_VALIDATOR_GITHUB_SECRET }}

Well, that does look like the correct thing to do. But I can't do it, because I don't have admin rights to the Github repo. Maybe @imp does, or knows who does?