Skip to content

Use JWT to get GH Token #201

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 18, 2025
Merged

Use JWT to get GH Token #201

merged 1 commit into from
Jun 18, 2025

Conversation

avangelillo
Copy link
Contributor

What does this PR do?

Previously I thought that we could use the JWT to as the token for github, but we actually need to use that to get the github token, and then everything else should work the same. I tried this by checking the auth status on a test run, and it seems to work.

Motivation

Unblock releases

Testing Guidelines

See gh auth status pass here

github.com
  ✓ Logged in to github.com account datadog-cloudformation-macro-bot[bot] (GH_TOKEN)
  - Active account: true
  - Git operations protocol: https
  - Token: ghs_************************************

Additional Notes

Types of changes

  • Bug fix
  • New feature
  • Breaking change
  • Misc (docs, refactoring, dependency upgrade, etc.)

Check all that apply

  • This PR's description is comprehensive
  • This PR contains breaking changes that are documented in the description
  • This PR introduces new APIs or parameters that are documented and unlikely to change in the foreseeable future
  • This PR impacts documentation, and it has been updated (or a ticket has been logged)
  • This PR's changes are covered by the automated tests
  • This PR collects user input/sensitive content into Datadog

@avangelillo
Use JWT to get GH Token
c464507 
Previously I thought that we could use the JWT to as the token for github, but
we actually need to use that to get the github token, and then everything else
should work the same.  I tried this by checking the auth status on a test run,
and it seems to work.
@avangelillo avangelillo marked this pull request as ready for review June 18, 2025 18:55
@avangelillo avangelillo requested a review from a team as a code owner June 18, 2025 18:55
@avangelillo avangelillo requested a review from radiawong June 18, 2025 18:55
ava-silver
ava-silver approved these changes Jun 18, 2025
View reviewed changes
Copy link

@ava-silver ava-silver left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

one thing, approving to not block

serverless/tools/get_secrets.sh

# Write private key to a temporary file
PRIVATE_KEY_FILE=$(mktemp)
echo "$GH_PRIVATE_KEY" > "$PRIVATE_KEY_FILE"

# Get the GH token
export GH_TOKEN=$(bash serverless/tools/generate_jwt.sh $GH_APP_ID $PRIVATE_KEY_FILE)
export JWT_TOKEN=$(bash serverless/tools/generate_jwt.sh $GH_APP_ID $PRIVATE_KEY_FILE)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit

Suggested change
export JWT_TOKEN=$(bash serverless/tools/generate_jwt.sh $GH_APP_ID $PRIVATE_KEY_FILE)
export JWT_TOKEN=$(bash serverless/tools/generate_jwt.sh "$GH_APP_ID" "$PRIVATE_KEY_FILE")

@avangelillo avangelillo merged commit 70ace61 into main Jun 18, 2025
11 checks passed
@avangelillo avangelillo deleted the alex.angelillo/getGHToken branch June 18, 2025 19:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TalUsvyatsky TalUsvyatsky TalUsvyatsky approved these changes

@ava-silver ava-silver ava-silver approved these changes

@radiawong radiawong Awaiting requested review from radiawong radiawong is a code owner automatically assigned from DataDog/serverless-onboarding-enablement

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@avangelillo @TalUsvyatsky @ava-silver