.github

🎯 Discr - Shared GitHub Actions workflows and organization configuration for the Discr project.

This repository contains reusable GitHub Actions workflows used across all Discr repositories.

🔐 HEIMDALLR_TOKEN Setup

The workflows use a GitHub Personal Access Token (PAT) for the mosherlabs-heimdallr service account to post PR comments with proper attribution.

Creating/Rotating the Token

1. Login to GitHub as mosherlabs-heimdallr (credentials in 1Password)

2. Go to Settings → Developer settings → Personal access tokens → Tokens (classic)

3. Click Generate new token (classic)

4. Token settings:

   • Note: HEIMDALLR_TOKEN for discrapp
   • Expiration: 90 days (recommended)
   • Scopes: repo (Full control of private repositories)

5. Generate token and copy it immediately

6. Add to discrapp org:

   echo "<token>" | gh secret set HEIMDALLR_TOKEN --org discrapp --visibility all

7. Store in 1Password under mosherlabs-heimdallr account for future reference

Why This Token

• Provides proper attribution (gravatar, username) on PR comments
• Shared across all discrapp repos via organization secret
• Must be rotated every 90 days for security

💬 Slack Integration Setup

The Heimdallr workflow can send notifications to Slack when releases are created. This requires two organization secrets from your Slack workspace.

Getting Slack Credentials

1. Go to Slack App Settings

   • Visit the Slack app at https://api.slack.com/apps
   • Select your app (or create a new one for Discr notifications)

2. Get the Bot User OAuth Token

   • Navigate to OAuth & Permissions in the sidebar
   • Copy the Bot User OAuth Token (starts with xoxb-)
   • This token allows the bot to post messages

3. Get the Channel ID

   • Open Slack and navigate to the channel where you want notifications
   • Click the channel name at the top
   • Scroll down and copy the Channel ID (looks like C01234ABCDE)

Setting the Secrets

# Set the Slack bot token
echo "<xoxb-token>" | gh secret set SLACK_BOT_USER_OAUTH_ACCESS_TOKEN \
  --org discrapp --visibility all

# Set the Slack channel ID
echo "<channel-id>" | gh secret set SLACK_PLATFORM_NOTIFICATIONS_CHANNEL_ID \
  --org discrapp --visibility all

Required Slack App Permissions

Your Slack app needs these Bot Token Scopes:

• chat:write - Post messages to channels
• chat:write.public - Post to public channels without joining

Why These Secrets

• SLACK_BOT_USER_OAUTH_ACCESS_TOKEN - Authenticates the bot to send messages
• SLACK_PLATFORM_NOTIFICATIONS_CHANNEL_ID - Specifies which channel receives notifications
• Both are organization secrets shared across all Discr repos
• Used by Heimdallr workflow when enable_slack: true

🔰 Contributing

Upon first clone, install the pre-commit hooks.

pre-commit install

To run pre-commit hooks locally, without a git commit.

pre-commit run -a --all-files

To update pre-commit hooks, this ideally should be ran before a pull request is merged.

pre-commit autoupdate