Understand how to manage github token in worflows for the triggers of the actions

[MSECode]

Task description 📝

How should be the GITHUB_TOKEN managed in the workflow files. Should we save the github token for the triggers under the secrets of the repo or should we request the token saved in another repo using the Get Token action tibdex/github-app-token@v2.

Definition of Done ✅

Study that and modify the workflow files accordingly.

[pattacini]

Hi @MSECode

Can you describe the GH action in question?

[MSECode]

I was not sure if it is better to change these lines:
https://github.com/icub-tech-iit/docker-deployment-images/blob/master/.github/workflows/release.yml#L70-L72
requesting instead the token in this manner:

- name: Get Token

        id: get_workflow_token

        uses: tibdex/github-app-token@v2

        with:

          private_key: ${{ secrets.ICUB_TECH_IIT_APP_KEY }}

          app_id: ${{ secrets.ICUB_TECH_IIT_APP_ID }}

          installation_retrieval_mode: repository

          installation_retrieval_payload: icub-tech-iit/code

However, probably this problem can be considered already solved by the discussion we had here: #24
And therefore the workflow can be as it is now.

[pattacini]

Hi @MSECode

It seems you're trying to dispatch an event to the same repository.
So, check out the documentation of https://github.com/peter-evans/repository-dispatch.

It suffices to do:

  - name: Repository Dispatch
    uses: peter-evans/repository-dispatch@v3
    with:
      event-type: my-event

Therefore, providing the token explicitly (which will be GITHUB_TOKEN under the hood) is unnecessary.

And therefore the workflow can be as it is now.

To sum up, yep 👍🏻
However, I suggest you clean it up according to the action documentation.