Skip to content

go back to token#65

Merged
maryliag merged 1 commit into
open-telemetry:mainfrom
maryliag:survey-fix
Jul 9, 2026
Merged

go back to token#65
maryliag merged 1 commit into
open-telemetry:mainfrom
maryliag:survey-fix

Conversation

@maryliag

@maryliag maryliag commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

My changes to make it work without the need for the token failed because it can't read private members. Reverting to use the client-id/private-key instead

Copilot AI review requested due to automatic review settings July 9, 2026 19:33
@maryliag maryliag requested a review from a team as a code owner July 9, 2026 19:33

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR reverts the survey-on-merged-pr reusable workflow back to using a GitHub App token (client-id/private-key) instead of the built-in GITHUB_TOKEN. The motivation, per the description, is that the built-in token cannot read private organization membership, which is required to correctly determine whether a PR author is an org member. The workflow now mints an installation token via actions/create-github-app-token and performs the membership check at runtime via the API, rather than relying on author_association in the job if: condition.

Changes:

  • Adds required client_id input and private_key secret to the reusable workflow, and mints an app token with pull-requests: write and members: read.
  • Replaces the static author_association filtering in the if: with a runtime gh api orgs/$ORG/members/$USERNAME check, so private org members are correctly detected.
  • Updates the README to document the new input/secret, drops the obsolete "Required permissions" section, and updates the caller example.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
.github/workflows/survey-on-merged-pr.yml Adds app-token minting, new input/secret, and moves the org-membership check to a runtime API call.
survey-on-merged-pr/README.md Documents the new client_id input and private_key secret and updates the caller usage example.

The changes are internally consistent: the README's inputs/secrets match the workflow, SURVEY_URL remains defined at the top-level env:, the app-token usage mirrors the established pattern in pull-request-dashboard-repo.yml, and the membership-check exit-code handling is correct under set -euo pipefail. I did not identify concrete defects to flag. This is a security/authentication-adjacent change to a reusable workflow consumed across multiple repositories, so I am deferring the final call to a human reviewer.


💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@maryliag maryliag merged commit 9cdb862 into open-telemetry:main Jul 9, 2026
5 checks passed
@maryliag maryliag deleted the survey-fix branch July 9, 2026 19:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants