Skip to content

fix(ci): use nonreserved github packages token#6

Merged
Jess Sullivan (Jesssullivan) merged 1 commit into
mainfrom
codex/tin713-nonreserved-package-token
Apr 28, 2026
Merged

fix(ci): use nonreserved github packages token#6
Jess Sullivan (Jesssullivan) merged 1 commit into
mainfrom
codex/tin713-nonreserved-package-token

Conversation

@Jesssullivan

@Jesssullivan Jess Sullivan (Jesssullivan) commented Apr 28, 2026

Copy link
Copy Markdown
Contributor

Pins the package Publish workflow to the non-reserved token contract from ci-templates#24 and passes TINYLAND_GITHUB_PACKAGES_TOKEN where the workflow uses explicit secret mapping.

GitHub rejects custom Actions secret names beginning with GITHUB_, so the previous GITHUB_PACKAGES_TOKEN wiring could never be installed as an org secret.

Tracking: TIN-713

@greptile-apps

greptile-apps Bot commented Apr 28, 2026

Copy link
Copy Markdown

Greptile Summary

Renames the secret mapping from GITHUB_PACKAGES_TOKEN to TINYLAND_GITHUB_PACKAGES_TOKEN to avoid GitHub's restriction on custom secret names starting with GITHUB_, and bumps the reusable workflow pin to the corresponding SHA in ci-templates that adopts the same naming contract.

Confidence Score: 5/5

Safe to merge — minimal, targeted change that unblocks org-secret installation with no logic risk.

Both changes (secret rename and SHA bump) are straightforward and correctly aligned: the new secret name avoids the reserved GITHUB_ prefix, and the workflow SHA is pinned to the upstream commit that introduced the matching contract. No logic, security, or correctness issues found.

No files require special attention.

Important Files Changed

Filename Overview
.github/workflows/publish.yml Renames the passed secret from GITHUB_PACKAGES_TOKEN to TINYLAND_GITHUB_PACKAGES_TOKEN and bumps the reusable workflow SHA to the matching contract version.

Sequence Diagram

sequenceDiagram
    participant GH as GitHub Actions
    participant PW as publish.yml
    participant CT as ci-templates/js-bazel-package.yml@82308d0
    participant GPR as GitHub Packages Registry

    GH->>PW: trigger (release published / workflow_dispatch)
    PW->>CT: uses reusable workflow (SHA-pinned)
    Note over PW,CT: secrets: NPM_TOKEN, TINYLAND_GITHUB_PACKAGES_TOKEN
    CT->>GPR: publish package (authenticated via TINYLAND_GITHUB_PACKAGES_TOKEN)
    GPR-->>CT: publish result
    CT-->>PW: job result
Loading

Reviews (1): Last reviewed commit: "fix(ci): use nonreserved github packages..." | Re-trigger Greptile

@Jesssullivan Jess Sullivan (Jesssullivan) merged commit 8d7cbb1 into main Apr 28, 2026
5 checks passed
@Jesssullivan Jess Sullivan (Jesssullivan) deleted the codex/tin713-nonreserved-package-token branch April 28, 2026 23:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@Jesssullivan Jess Sullivan (Jesssullivan)

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Jesssullivan