Update PR and release operations to optionally support Github App#15388
Conversation
…-github and pass the authtoken parameter
There was a problem hiding this comment.
Pull request overview
This PR updates common Azure DevOps pipeline templates used for git pushes, PR creation, and GitHub releases to support GitHub App installation tokens (via login-to-github.yml) while keeping $(azuresdk-github-pat) as the default for backward compatibility.
Changes:
- Add an
AuthTokenparameter to shared templates and thread it through to git push, PR creation, and release steps. - Update git remote URL construction to the
x-access-token:<token>@github.com/...format for token-based authentication. - Add
PushAuthTokensupport in PR creation to allow separate credentials for cross-org fork pushes vs. PR creation.
Show a summary per file
| File | Description |
|---|---|
| eng/common/pipelines/templates/steps/git-push-changes.yml | Adds AuthToken parameter, passes it to rate-limit metrics, and uses it in the git remote URL for push auth. |
| eng/common/pipelines/templates/steps/create-tags-and-git-release.yml | Adds AuthToken parameter and maps it to GH_TOKEN for the release script. |
| eng/common/pipelines/templates/steps/create-pull-request.yml | Adds AuthToken + PushAuthToken parameters and threads them into push/PR creation steps; updates guidance for GitHub App token usage. |
Copilot's findings
- Files reviewed: 3/3 changed files
- Comments generated: 1
|
The following pipelines have been queued for testing: |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
|
The following pipelines have been queued for testing: |
scbedd
changed the title
PR and release operations to Github AppPR and release operations to optionally support Github App
…on for the new builds, but other than that, no impact
|
The following pipelines have been queued for testing: |
Sync eng/common directory with azure-sdk-tools for PR Azure/azure-sdk-tools#15388 See [eng/common workflow](https://github.com/Azure/azure-sdk-tools/blob/main/eng/common/README.md#workflow) --------- Co-authored-by: Scott Beddall <scbedd@microsoft.com> Co-authored-by: Scott Beddall <45376673+scbedd@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Sync eng/common directory with azure-sdk-tools for PR Azure/azure-sdk-tools#15388 See [eng/common workflow](https://github.com/Azure/azure-sdk-tools/blob/main/eng/common/README.md#workflow) --------- Co-authored-by: Scott Beddall <scbedd@microsoft.com> Co-authored-by: Scott Beddall <45376673+scbedd@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
The difference here, is that I can get this merged without affecting the bunch of satellite repo callsites of
create-pull-requestorcreate-tags-and-git-release.yml.Doing it this way means that I can get a safe phased rollout where we are explicitly updating to pass the new token in the new locations. Then after it's all working passing
GH_TOKENexplicitly, it'll be an easy one-shot pr to move the default of$(azure-sdk-pat)to$(GH_TOKEN).Pipelines will take advantage of new default logic by removing
$(azure-sdk-pat)from their variable group.These assumptions are tested and confirmed working in this python - template release
Related to #9842