How secure does server-token need to be? #1

Closed
moltar opened this issue Feb 7, 2022 · 3 comments

Contributor

moltar commented Feb 7, 2022

I am guessing this isn't a big deal to have something random there?

I am thinking to set this to the value of RUNNER_TEMP, which is a temporary dir within which the project is being built. This dir is random and unpredictable ahead of time.

See https://docs.github.com/en/actions/learn-github-actions/environment-variables

@felixmosh
Owner

It doesn't matter, it just makes sure that the "thing" that interacts with the local server comes from a "known" source.

It can contain any value, even "" (empty string) :]

Contributor Author

moltar commented Feb 7, 2022

Thanks, I assumed so, but the use of ${{ secrets. had thrown me off :)

moltar closed this as completed Feb 7, 2022
Contributor Author

moltar commented Feb 7, 2022

Btw, incorporating it here: https://github.com/moltar/projen-turborepo

yangwooseong added a commit to channel-io/bezier-react that referenced this issue Apr 22, 2024

## Self Checklist

- [x] I wrote a PR title in **English** and added an appropriate
**label** to the PR.
- [x] I wrote the commit message in **English** and to follow [**the
Conventional Commits
specification**](https://www.conventionalcommits.org/en/v1.0.0/).
- [x] I [added the
**changeset**](https://github.com/changesets/changesets/blob/main/docs/adding-a-changeset.md)
about the changes that needed to be released. (or didn't have to)
- [x] I wrote or updated **documentation** related to the changes. (or
didn't have to)
- [x] I wrote or updated **tests** related to the changes. (or didn't
have to)
- [x] I tested the changes in various browsers. (or didn't have to)
  - Windows: Chrome, Edge, (Optional) Firefox
  - macOS: Chrome, Edge, Safari, (Optional) Firefox

## Related Issue

- #2159 

## Summary

- There is an issue where the repository's secret token is not being fetched, so this hardcodes it as a uuidV4 hash. Since basically any value can go there, hardcoding it should not be a problem.
- https://github.com/channel-io/bezier-react/actions/runs/8734661989/job/23966571547?pr=2165

## Details

- Omitted

### Breaking change? (Yes/No)

- No

## References

- felixmosh/turborepo-gh-artifacts#1