Skip to content

fix(ci): use nonreserved github packages token#10

Merged
Jess Sullivan (Jesssullivan) merged 1 commit into
mainfrom
codex/tin713-nonreserved-package-token
Apr 28, 2026
Merged

fix(ci): use nonreserved github packages token#10
Jess Sullivan (Jesssullivan) merged 1 commit into
mainfrom
codex/tin713-nonreserved-package-token

Conversation

@Jesssullivan

@Jesssullivan Jess Sullivan (Jesssullivan) commented Apr 28, 2026

Copy link
Copy Markdown
Contributor

Pins the package Publish workflow to the non-reserved token contract from ci-templates#24 and passes TINYLAND_GITHUB_PACKAGES_TOKEN where the workflow uses explicit secret mapping.

GitHub rejects custom Actions secret names beginning with GITHUB_, so the previous GITHUB_PACKAGES_TOKEN wiring could never be installed as an org secret.

Tracking: TIN-713

@greptile-apps

greptile-apps Bot commented Apr 28, 2026

Copy link
Copy Markdown

Greptile Summary

This PR updates the publish.yml reusable-workflow SHA pin from 0d88ad7… to 82308d0…, switching to the ci-templates#24 contract that uses TINYLAND_GITHUB_PACKAGES_TOKEN instead of the reserved-prefix GITHUB_PACKAGES_TOKEN name that GitHub rejects as an org secret. The existing secrets: inherit line already propagates all caller secrets (including the renamed token) to the called workflow, so no additional wiring is needed in this file.

Confidence Score: 5/5

Safe to merge — single-line SHA bump to a pinned, reviewed workflow SHA with no logic changes in this repo.

Only change is the reusable-workflow SHA pin; all other inputs and the secrets: inherit passthrough are unchanged. The fix directly addresses the documented GitHub limitation on reserved secret prefixes.

No files require special attention.

Important Files Changed

Filename Overview
.github/workflows/publish.yml SHA pin of reusable workflow bumped from 0d88ad7 to 82308d0, adopting the non-reserved TINYLAND_GITHUB_PACKAGES_TOKEN secret contract; no other logic changed.

Sequence Diagram

sequenceDiagram
    participant GH as GitHub Actions
    participant PW as publish.yml
    participant CIT as ci-templates js-bazel-package.yml@82308d0
    participant GPR as GitHub Package Registry

    GH->>PW: release published / workflow_dispatch
    PW->>CIT: uses (SHA-pinned) + secrets: inherit
    Note over PW,CIT: TINYLAND_GITHUB_PACKAGES_TOKEN<br/>now passed via inherit
    CIT->>GPR: publish @tinyland-inc/tinyland-security
    GPR-->>CIT: success
    CIT-->>PW: job complete
Loading

Reviews (1): Last reviewed commit: "fix(ci): use nonreserved github packages..." | Re-trigger Greptile

@Jesssullivan Jess Sullivan (Jesssullivan) merged commit 538d2a0 into main Apr 28, 2026
5 checks passed
@Jesssullivan Jess Sullivan (Jesssullivan) deleted the codex/tin713-nonreserved-package-token branch April 28, 2026 23:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@Jesssullivan Jess Sullivan (Jesssullivan)

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Jesssullivan