Skip to content

Commit 41be66a

Browse files
lelialelia
committed
Use dedicated SFW token secret
1 parent cf2f02f commit 41be66a

1 file changed

Lines changed: 6 additions & 7 deletions

File tree

.github/workflows/dependency-review.yml

Lines changed: 6 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -8,8 +8,7 @@ name: dependency-review
88
# per PR:
99
#
1010
# - SocketDev org members on an in-repo (non-fork) PR, when
11-
# SOCKET_API_TOKEN or SOCKET_CLI_API_TOKEN is present -> Socket Firewall
12-
# ENTERPRISE
11+
# SOCKET_SFW_API_TOKEN is present -> Socket Firewall ENTERPRISE
1312
# (authenticated, full org-policy enforcement).
1413
# - Everything else -- Dependabot, forks, outside collaborators, external
1514
# contributors, or a missing token -> Socket Firewall FREE (anonymous, no
@@ -88,7 +87,7 @@ jobs:
8887
IS_FORK: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
8988
AUTHOR_ASSOC: ${{ github.event.pull_request.author_association }}
9089
# Empty for fork PRs (secrets withheld) and until a token secret is added.
91-
SOCKET_API_TOKEN: ${{ secrets.SOCKET_API_TOKEN || secrets.SOCKET_CLI_API_TOKEN }}
90+
SOCKET_SFW_API_TOKEN: ${{ secrets.SOCKET_SFW_API_TOKEN }}
9291
run: |
9392
mode=firewall-free
9493
# Enterprise only for a SocketDev org member (OWNER/MEMBER) on an
@@ -97,7 +96,7 @@ jobs:
9796
# contributors, or a missing token -- uses the free edition.
9897
if [ "$IS_DEPENDABOT" != "true" ] \
9998
&& [ "$IS_FORK" != "true" ] \
100-
&& [ -n "$SOCKET_API_TOKEN" ] \
99+
&& [ -n "$SOCKET_SFW_API_TOKEN" ] \
101100
&& printf '%s' "$AUTHOR_ASSOC" | grep -qE '^(OWNER|MEMBER)$'; then
102101
mode=firewall-enterprise
103102
fi
@@ -136,7 +135,7 @@ jobs:
136135
with:
137136
uv: "true"
138137
mode: ${{ needs.inspect.outputs.sfw_mode }}
139-
socket-token: ${{ secrets.SOCKET_API_TOKEN || secrets.SOCKET_CLI_API_TOKEN }}
138+
socket-token: ${{ secrets.SOCKET_SFW_API_TOKEN }}
140139

141140
- name: Sync project through Socket Firewall
142141
# `sfw uv sync` is the intended way to route uv through Socket Firewall
@@ -185,7 +184,7 @@ jobs:
185184
with:
186185
node: "true"
187186
mode: ${{ needs.inspect.outputs.sfw_mode }}
188-
socket-token: ${{ secrets.SOCKET_API_TOKEN || secrets.SOCKET_CLI_API_TOKEN }}
187+
socket-token: ${{ secrets.SOCKET_SFW_API_TOKEN }}
189188

190189
- name: Install fixture through Socket Firewall
191190
working-directory: tests/e2e/fixtures/simple-npm
@@ -206,7 +205,7 @@ jobs:
206205
with:
207206
python: "true"
208207
mode: ${{ needs.inspect.outputs.sfw_mode }}
209-
socket-token: ${{ secrets.SOCKET_API_TOKEN || secrets.SOCKET_CLI_API_TOKEN }}
208+
socket-token: ${{ secrets.SOCKET_SFW_API_TOKEN }}
210209

211210
- name: Install fixture through Socket Firewall
212211
working-directory: tests/e2e/fixtures/simple-pypi

0 commit comments

Comments
 (0)