From a29ce0957e4f8fd8dd12195fe66f69a118125c4b Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Wed, 19 Feb 2025 14:04:53 +0100 Subject: [PATCH 01/13] add repo-dispatch action with test work in progress --- .github/actions/repo-dispatch/action.yml | 27 ++++++++++++++++++++++++ .github/workflows/test-repo-dispatch.yml | 22 +++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 .github/actions/repo-dispatch/action.yml create mode 100644 .github/workflows/test-repo-dispatch.yml diff --git a/.github/actions/repo-dispatch/action.yml b/.github/actions/repo-dispatch/action.yml new file mode 100644 index 0000000..b26ca8a --- /dev/null +++ b/.github/actions/repo-dispatch/action.yml @@ -0,0 +1,27 @@ +name: repository-dispatch +description: creates repository_dispatch event in target repository +inputs: + secret-token: + description: fine-grained personal access token with content write permission for the target repo + required: true + secret-token-2: + description: another secret + required: true +runs: + using: composite + steps: + - # https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions#masking-a-value-in-a-log + name: mask secret token + run: echo "::add-mask::$SECRET_TOKEN" + shell: bash + env: + SECRET_TOKEN: ${{ inputs.secret-token }} + + - name: mask secret token + run: echo "::add-mask::${{ inputs.secret-token2 }}" + shell: bash + + - shell: bash + run: | + echo "${{ inputs.secret-token }}" + echo "${{ inputs.secret-token-2 }}" diff --git a/.github/workflows/test-repo-dispatch.yml b/.github/workflows/test-repo-dispatch.yml new file mode 100644 index 0000000..aab0537 --- /dev/null +++ b/.github/workflows/test-repo-dispatch.yml @@ -0,0 +1,22 @@ +# This workflow tests the reusable repo-dispatch action + +name: test repo-dispatch action + +on: + push: + branches: + - main + pull_request: + workflow_dispatch: + +jobs: + dispatch: + runs-on: ubuntu-latest + steps: + - name: checkout so we can use local action + uses: actions/checkout@v4 + - name: test action + uses: ./.github/actions/repo-dispatch + with: + secret-token: my-secret-token + secret-token-2: my-secret-token-2 From cc74cc46a8fdd312e9a3172128f4f805b1854791 Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Wed, 19 Feb 2025 14:12:41 +0100 Subject: [PATCH 02/13] test echo without mask --- .github/actions/repo-dispatch/action.yml | 26 +++++++++++------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/.github/actions/repo-dispatch/action.yml b/.github/actions/repo-dispatch/action.yml index b26ca8a..aeb0007 100644 --- a/.github/actions/repo-dispatch/action.yml +++ b/.github/actions/repo-dispatch/action.yml @@ -4,24 +4,22 @@ inputs: secret-token: description: fine-grained personal access token with content write permission for the target repo required: true - secret-token-2: + another-secret: description: another secret required: true runs: using: composite steps: - - # https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions#masking-a-value-in-a-log - name: mask secret token - run: echo "::add-mask::$SECRET_TOKEN" - shell: bash - env: - SECRET_TOKEN: ${{ inputs.secret-token }} - - - name: mask secret token - run: echo "::add-mask::${{ inputs.secret-token2 }}" - shell: bash +# - # https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions#masking-a-value-in-a-log +# name: mask secret token +# run: echo "::add-mask::$SECRET_TOKEN" +# shell: bash +# env: +# SECRET_TOKEN: ${{ inputs.secret-token }} +# +# - name: mask secret token +# run: echo "::add-mask::${{ inputs.secret-token2 }}" +# shell: bash - shell: bash - run: | - echo "${{ inputs.secret-token }}" - echo "${{ inputs.secret-token-2 }}" + run: echo "${{ inputs.secret-token }} and ${{ inputs.another-secret }}" From 03bf4c3974f7ba93c2b03573d0183337a0b0b3c4 Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Wed, 19 Feb 2025 14:16:57 +0100 Subject: [PATCH 03/13] test echo with mask --- .github/actions/repo-dispatch/action.yml | 19 ++++++++----------- .github/workflows/test-repo-dispatch.yml | 2 +- 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/.github/actions/repo-dispatch/action.yml b/.github/actions/repo-dispatch/action.yml index aeb0007..435e246 100644 --- a/.github/actions/repo-dispatch/action.yml +++ b/.github/actions/repo-dispatch/action.yml @@ -10,16 +10,13 @@ inputs: runs: using: composite steps: -# - # https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions#masking-a-value-in-a-log -# name: mask secret token -# run: echo "::add-mask::$SECRET_TOKEN" -# shell: bash -# env: -# SECRET_TOKEN: ${{ inputs.secret-token }} -# -# - name: mask secret token -# run: echo "::add-mask::${{ inputs.secret-token2 }}" -# shell: bash + - # https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions#masking-a-value-in-a-log + name: mask secret inputs + run: | + echo "::add-mask::${{ inputs.secret-token }}" + echo "::add-mask::${{ inputs.another-secret }}" + shell: bash - - shell: bash + - name: test secrets masking run: echo "${{ inputs.secret-token }} and ${{ inputs.another-secret }}" + shell: bash \ No newline at end of file diff --git a/.github/workflows/test-repo-dispatch.yml b/.github/workflows/test-repo-dispatch.yml index aab0537..4fae9d0 100644 --- a/.github/workflows/test-repo-dispatch.yml +++ b/.github/workflows/test-repo-dispatch.yml @@ -19,4 +19,4 @@ jobs: uses: ./.github/actions/repo-dispatch with: secret-token: my-secret-token - secret-token-2: my-secret-token-2 + another-secret: my-other-secret From 6086bbd0f48f20e276ad745eb84a367993480e27 Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Wed, 19 Feb 2025 14:40:32 +0100 Subject: [PATCH 04/13] add actual repository dispatch API call --- .github/actions/repo-dispatch/action.yml | 38 ++++++++++++++++++++---- .github/workflows/test-repo-dispatch.yml | 7 +++-- 2 files changed, 37 insertions(+), 8 deletions(-) diff --git a/.github/actions/repo-dispatch/action.yml b/.github/actions/repo-dispatch/action.yml index 435e246..7147ae6 100644 --- a/.github/actions/repo-dispatch/action.yml +++ b/.github/actions/repo-dispatch/action.yml @@ -4,9 +4,26 @@ inputs: secret-token: description: fine-grained personal access token with content write permission for the target repo required: true - another-secret: - description: another secret + type: string + target-repo-owner: + description: target repository owner (as in /) required: true + type: string + target-repo-name: + description: target repository name (as in /) + required: true + type: string + event-type: + # https://docs.github.com/en/webhooks/webhook-events-and-payloads#repository_dispatch + description: action in repository_dispatch event + required: true + type: string + client-payload: + description: client_payload in repository_dispatch event (a JSON object) + required: true + type: string + default: '{}' + runs: using: composite steps: @@ -16,7 +33,16 @@ runs: echo "::add-mask::${{ inputs.secret-token }}" echo "::add-mask::${{ inputs.another-secret }}" shell: bash - - - name: test secrets masking - run: echo "${{ inputs.secret-token }} and ${{ inputs.another-secret }}" - shell: bash \ No newline at end of file + - name: post to github api dispatches endpoint + # https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#create-a-repository-dispatch-event + # https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication + run: | + curl --location \ + --fail-with-body \ + --request POST \ + --header "Accept: application/vnd.github+json" \ + --header "Authorization: Bearer ${{ inputs.secret-token }}" \ + --header "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/repos/${{ inputs.target-repo-owner }}/${{ inputs.target-repo-name }}/dispatches \ + --data '{"event_type":"${{ inputs.event-type }}","client_payload":${{ inputs.client-payload }}}' + shell: bash diff --git a/.github/workflows/test-repo-dispatch.yml b/.github/workflows/test-repo-dispatch.yml index 4fae9d0..4a7a1ad 100644 --- a/.github/workflows/test-repo-dispatch.yml +++ b/.github/workflows/test-repo-dispatch.yml @@ -13,10 +13,13 @@ jobs: dispatch: runs-on: ubuntu-latest steps: - - name: checkout so we can use local action + - name: checkout in order to use local action uses: actions/checkout@v4 - name: test action uses: ./.github/actions/repo-dispatch with: secret-token: my-secret-token - another-secret: my-other-secret + target-repo-name: ${{ github.event.repository.name }} + target-repo-owner: ${{ github.repository_owner }} + event-type: my-event + client-payload: '{"my-key": "my-value"}' From b8a37539bc7890be086d164d26b7f8d855bfd0b5 Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Wed, 19 Feb 2025 14:51:21 +0100 Subject: [PATCH 05/13] add test workflow for receiving repository_dispatch --- .github/actions/repo-dispatch/action.yml | 8 +++----- .github/workflows/test-repo-dispatch-listener.yml | 12 ++++++++++++ .github/workflows/test-repo-dispatch.yml | 2 +- 3 files changed, 16 insertions(+), 6 deletions(-) create mode 100644 .github/workflows/test-repo-dispatch-listener.yml diff --git a/.github/actions/repo-dispatch/action.yml b/.github/actions/repo-dispatch/action.yml index 7147ae6..8ce48bf 100644 --- a/.github/actions/repo-dispatch/action.yml +++ b/.github/actions/repo-dispatch/action.yml @@ -1,7 +1,7 @@ name: repository-dispatch description: creates repository_dispatch event in target repository inputs: - secret-token: + secret-token: # beware: mask is applied below description: fine-grained personal access token with content write permission for the target repo required: true type: string @@ -28,10 +28,8 @@ runs: using: composite steps: - # https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions#masking-a-value-in-a-log - name: mask secret inputs - run: | - echo "::add-mask::${{ inputs.secret-token }}" - echo "::add-mask::${{ inputs.another-secret }}" + name: mask secret token + run: echo "::add-mask::${{ inputs.secret-token }}" shell: bash - name: post to github api dispatches endpoint # https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#create-a-repository-dispatch-event diff --git a/.github/workflows/test-repo-dispatch-listener.yml b/.github/workflows/test-repo-dispatch-listener.yml new file mode 100644 index 0000000..7dc478e --- /dev/null +++ b/.github/workflows/test-repo-dispatch-listener.yml @@ -0,0 +1,12 @@ +name: test the receiving end of the repo-dispatch action + +on: + repository_dispatch: + +jobs: + test: + runs-on: ubuntu-latest + steps: + - run: | + echo "action: ${{ github.event.action }}" + echo "payload: ${{ github.event.client_payload }}" diff --git a/.github/workflows/test-repo-dispatch.yml b/.github/workflows/test-repo-dispatch.yml index 4a7a1ad..c2a3a61 100644 --- a/.github/workflows/test-repo-dispatch.yml +++ b/.github/workflows/test-repo-dispatch.yml @@ -18,7 +18,7 @@ jobs: - name: test action uses: ./.github/actions/repo-dispatch with: - secret-token: my-secret-token + secret-token: ${{ secrets.personal_access_token }} target-repo-name: ${{ github.event.repository.name }} target-repo-owner: ${{ github.repository_owner }} event-type: my-event From 100c3d71d6ecaf005040c3c02f966643c327f8d4 Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Wed, 19 Feb 2025 15:02:00 +0100 Subject: [PATCH 06/13] show that we can dereference content of client_payload --- .github/workflows/test-repo-dispatch-listener.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-repo-dispatch-listener.yml b/.github/workflows/test-repo-dispatch-listener.yml index 7dc478e..c7e9818 100644 --- a/.github/workflows/test-repo-dispatch-listener.yml +++ b/.github/workflows/test-repo-dispatch-listener.yml @@ -9,4 +9,4 @@ jobs: steps: - run: | echo "action: ${{ github.event.action }}" - echo "payload: ${{ github.event.client_payload }}" + echo "payload: ${{ github.event.client_payload.my-key }}" From 1f3a5d3145f0f2c96b92ba487bc3df5dd4637b76 Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Fri, 28 Feb 2025 10:13:14 +0100 Subject: [PATCH 07/13] clarify descriptions --- .github/actions/repo-dispatch/action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/repo-dispatch/action.yml b/.github/actions/repo-dispatch/action.yml index 8ce48bf..c879a06 100644 --- a/.github/actions/repo-dispatch/action.yml +++ b/.github/actions/repo-dispatch/action.yml @@ -15,11 +15,11 @@ inputs: type: string event-type: # https://docs.github.com/en/webhooks/webhook-events-and-payloads#repository_dispatch - description: action in repository_dispatch event + description: action in repository_dispatch event (as in github.event.action) required: true type: string client-payload: - description: client_payload in repository_dispatch event (a JSON object) + description: client_payload in repository_dispatch event (a JSON object, as in github.event.client_payload) required: true type: string default: '{}' From 0dd4d46418c47a06eff741d9108e4f99d2d4a9c9 Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Fri, 26 Jun 2026 10:30:40 +0200 Subject: [PATCH 08/13] clarify event-type --- .github/actions/repo-dispatch/action.yml | 2 +- .github/workflows/test-repo-dispatch-listener.yml | 1 + .github/workflows/test-repo-dispatch.yml | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/actions/repo-dispatch/action.yml b/.github/actions/repo-dispatch/action.yml index c879a06..a3afd49 100644 --- a/.github/actions/repo-dispatch/action.yml +++ b/.github/actions/repo-dispatch/action.yml @@ -15,7 +15,7 @@ inputs: type: string event-type: # https://docs.github.com/en/webhooks/webhook-events-and-payloads#repository_dispatch - description: action in repository_dispatch event (as in github.event.action) + description: custom event type string (e.g. for filtering in on.repository_dispatch.types) required: true type: string client-payload: diff --git a/.github/workflows/test-repo-dispatch-listener.yml b/.github/workflows/test-repo-dispatch-listener.yml index c7e9818..6e9b13f 100644 --- a/.github/workflows/test-repo-dispatch-listener.yml +++ b/.github/workflows/test-repo-dispatch-listener.yml @@ -2,6 +2,7 @@ name: test the receiving end of the repo-dispatch action on: repository_dispatch: + types: [my-custom-event-type] jobs: test: diff --git a/.github/workflows/test-repo-dispatch.yml b/.github/workflows/test-repo-dispatch.yml index c2a3a61..9193fab 100644 --- a/.github/workflows/test-repo-dispatch.yml +++ b/.github/workflows/test-repo-dispatch.yml @@ -21,5 +21,5 @@ jobs: secret-token: ${{ secrets.personal_access_token }} target-repo-name: ${{ github.event.repository.name }} target-repo-owner: ${{ github.repository_owner }} - event-type: my-event + event-type: my-custom-event-type client-payload: '{"my-key": "my-value"}' From 5dba6e7f2e3ecba33f9ede38b3005cbdde41d61f Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Fri, 26 Jun 2026 10:31:15 +0200 Subject: [PATCH 09/13] bump actions checkout to latest --- .github/workflows/test-repo-dispatch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-repo-dispatch.yml b/.github/workflows/test-repo-dispatch.yml index 9193fab..33ed405 100644 --- a/.github/workflows/test-repo-dispatch.yml +++ b/.github/workflows/test-repo-dispatch.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout in order to use local action - uses: actions/checkout@v4 + uses: actions/checkout@v7 - name: test action uses: ./.github/actions/repo-dispatch with: From d1675f0e72b9fd2764192600d0d8f8c83beca510 Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Fri, 26 Jun 2026 13:03:55 +0200 Subject: [PATCH 10/13] use multiline syntax for payload in test-repo-dispatch --- .github/workflows/test-repo-dispatch.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test-repo-dispatch.yml b/.github/workflows/test-repo-dispatch.yml index 33ed405..463d2e0 100644 --- a/.github/workflows/test-repo-dispatch.yml +++ b/.github/workflows/test-repo-dispatch.yml @@ -22,4 +22,7 @@ jobs: target-repo-name: ${{ github.event.repository.name }} target-repo-owner: ${{ github.repository_owner }} event-type: my-custom-event-type - client-payload: '{"my-key": "my-value"}' + client-payload: | + { + "my-key": "my-value" + } From 0a2e18a3748ad0c20766c22a4052bf38371aedc9 Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Fri, 26 Jun 2026 13:36:10 +0200 Subject: [PATCH 11/13] update github api version in repo-dispatch action --- .github/actions/repo-dispatch/action.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/actions/repo-dispatch/action.yml b/.github/actions/repo-dispatch/action.yml index a3afd49..aaae6ac 100644 --- a/.github/actions/repo-dispatch/action.yml +++ b/.github/actions/repo-dispatch/action.yml @@ -32,7 +32,7 @@ runs: run: echo "::add-mask::${{ inputs.secret-token }}" shell: bash - name: post to github api dispatches endpoint - # https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#create-a-repository-dispatch-event + # https://docs.github.com/en/rest/repos/repos?apiVersion=2026-03-10#create-a-repository-dispatch-event # https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication run: | curl --location \ @@ -40,7 +40,7 @@ runs: --request POST \ --header "Accept: application/vnd.github+json" \ --header "Authorization: Bearer ${{ inputs.secret-token }}" \ - --header "X-GitHub-Api-Version: 2022-11-28" \ + --header "X-GitHub-Api-Version: 2026-03-10" \ https://api.github.com/repos/${{ inputs.target-repo-owner }}/${{ inputs.target-repo-name }}/dispatches \ --data '{"event_type":"${{ inputs.event-type }}","client_payload":${{ inputs.client-payload }}}' shell: bash From 5188836d98e84144423c6535716d9b7bb17d65d6 Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Fri, 26 Jun 2026 13:38:35 +0200 Subject: [PATCH 12/13] verbose curl output in repo-dispatch action --- .github/actions/repo-dispatch/action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/repo-dispatch/action.yml b/.github/actions/repo-dispatch/action.yml index aaae6ac..9b8536d 100644 --- a/.github/actions/repo-dispatch/action.yml +++ b/.github/actions/repo-dispatch/action.yml @@ -36,6 +36,7 @@ runs: # https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication run: | curl --location \ + --verbose \ --fail-with-body \ --request POST \ --header "Accept: application/vnd.github+json" \ From 722ed608a953cec5279931bdb876246143b5e6db Mon Sep 17 00:00:00 2001 From: dennisvang <29799340+dennisvang@users.noreply.github.com> Date: Fri, 26 Jun 2026 13:41:24 +0200 Subject: [PATCH 13/13] clarify name for repo-dispatch action --- .github/workflows/test-repo-dispatch.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-repo-dispatch.yml b/.github/workflows/test-repo-dispatch.yml index 463d2e0..4045286 100644 --- a/.github/workflows/test-repo-dispatch.yml +++ b/.github/workflows/test-repo-dispatch.yml @@ -15,7 +15,7 @@ jobs: steps: - name: checkout in order to use local action uses: actions/checkout@v7 - - name: test action + - name: test the repo-dispatch action (and usage example) uses: ./.github/actions/repo-dispatch with: secret-token: ${{ secrets.personal_access_token }}