Skip to content

fix(ci): use nonreserved github packages token#6

Merged
Jess Sullivan (Jesssullivan) merged 1 commit into
mainfrom
codex/tin713-nonreserved-package-token
Apr 28, 2026
Merged

fix(ci): use nonreserved github packages token#6
Jess Sullivan (Jesssullivan) merged 1 commit into
mainfrom
codex/tin713-nonreserved-package-token

Conversation

@Jesssullivan

@Jesssullivan Jess Sullivan (Jesssullivan) commented Apr 28, 2026

Copy link
Copy Markdown
Contributor

Pins the package Publish workflow to the non-reserved token contract from ci-templates#24 and passes TINYLAND_GITHUB_PACKAGES_TOKEN where the workflow uses explicit secret mapping.

GitHub rejects custom Actions secret names beginning with GITHUB_, so the previous GITHUB_PACKAGES_TOKEN wiring could never be installed as an org secret.

Tracking: TIN-713

@greptile-apps

greptile-apps Bot commented Apr 28, 2026

Copy link
Copy Markdown

Greptile Summary

Renames the GitHub Packages secret from GITHUB_PACKAGES_TOKEN to TINYLAND_GITHUB_PACKAGES_TOKEN to work around GitHub's restriction on org secrets with the GITHUB_ prefix, and bumps the pinned SHA of the reusable js-bazel-package.yml workflow to the matching revision from ci-templates#24 that expects the new secret name.

Confidence Score: 5/5

Safe to merge — minimal, well-motivated CI fix with no logic or security concerns.

Only two lines changed: the reusable workflow SHA bump (pinned, not a floating ref) and the secret rename to comply with GitHub's reserved-prefix restriction. Both changes are correct and consistent with each other and the PR description.

No files require special attention.

Important Files Changed

Filename Overview
.github/workflows/publish.yml Pins reusable workflow to new SHA and renames secret from GITHUB_PACKAGES_TOKEN to TINYLAND_GITHUB_PACKAGES_TOKEN to avoid the GitHub-reserved prefix restriction.

Sequence Diagram

sequenceDiagram
    participant GH as GitHub Actions
    participant Publish as publish.yml
    participant Template as ci-templates/js-bazel-package.yml@82308d0
    participant OrgSecrets as Org Secrets

    GH->>Publish: trigger (release / workflow_dispatch)
    Publish->>OrgSecrets: resolve TINYLAND_GITHUB_PACKAGES_TOKEN
    OrgSecrets-->>Publish: token value
    Publish->>Template: call reusable workflow (pinned SHA)
    Note over Publish,Template: secrets.TINYLAND_GITHUB_PACKAGES_TOKEN passed explicitly
    Template->>GH: publish package to GitHub Packages
Loading

Reviews (1): Last reviewed commit: "fix(ci): use nonreserved github packages..." | Re-trigger Greptile

@Jesssullivan Jess Sullivan (Jesssullivan) merged commit a43db5a into main Apr 28, 2026
5 checks passed
@Jesssullivan Jess Sullivan (Jesssullivan) deleted the codex/tin713-nonreserved-package-token branch April 28, 2026 23:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@Jesssullivan Jess Sullivan (Jesssullivan)

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Jesssullivan