Skip to content

Comments

🔑 Rename env var to GH_AW_CI_TRIGGER_TOKEN and default its usage#17997

Merged
dsyme merged 8 commits intomainfrom
cit
Feb 24, 2026
Merged

🔑 Rename env var to GH_AW_CI_TRIGGER_TOKEN and default its usage#17997
dsyme merged 8 commits intomainfrom
cit

Conversation

@dsyme
Copy link
Contributor

@dsyme dsyme commented Feb 24, 2026

Summary

  • Rename GH_AW_EXTRA_EMPTY_COMMIT_TOKEN env var to GH_AW_CI_TRIGGER_TOKEN across source, tests, and schema
  • Make GH_AW_CI_TRIGGER_TOKEN the default behavior when github-token-for-extra-empty-commit is not explicitly configured (previously required default keyword)
  • Update schema descriptions to reflect the new default behavior and simplified configuration options

Copilot AI review requested due to automatic review settings February 24, 2026 00:03
Copilot AI reviewed Feb 24, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Renames the environment variable used for “extra empty commit” CI-trigger token handling and changes the workflow compilation logic so the magic GH_AW_CI_TRIGGER_TOKEN secret is used by default when no explicit token is configured.

Changes:

  • Renamed GH_AW_EXTRA_EMPTY_COMMIT_TOKEN to GH_AW_CI_TRIGGER_TOKEN across workflow compilation and the JS helper/tests.
  • Defaulted github-token-for-extra-empty-commit behavior to use GH_AW_CI_TRIGGER_TOKEN when unset/empty (while still supporting app and explicit token values).
  • Updated JSON schema descriptions to reflect the new defaulting behavior.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
pkg/workflow/create_pull_request.go Emits GH_AW_CI_TRIGGER_TOKEN env var for the create-PR job and defaults to the magic secret when not configured.
pkg/workflow/compiler_safe_outputs_job.go Sets job-level GH_AW_CI_TRIGGER_TOKEN env var for consolidated safe-outputs, defaulting to the magic secret when not configured.
pkg/parser/schemas/main_workflow_schema.json Updates schema text to describe the new default behavior and remove “default keyword” guidance.
actions/setup/js/extra_empty_commit.cjs Reads the renamed env var (GH_AW_CI_TRIGGER_TOKEN).
actions/setup/js/extra_empty_commit.test.cjs Updates tests to use the renamed env var.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@github-actions github-actions bot mentioned this pull request Feb 24, 2026
Closed
@pelikhan
Copy link
Contributor

pelikhan commented Feb 24, 2026

@dsyme fix the lint go issues as well

@dsyme dsyme merged commit 4e13b1a into main Feb 24, 2026
48 checks passed
@dsyme dsyme deleted the cit branch February 24, 2026 01:02
github-actions bot pushed a commit that referenced this pull request Feb 24, 2026
@claude @github-actions
docs: fix magic secret command and add threat-detection runs-on field
ef360c8 
- Fix incorrect secret name in triggering-ci.mdx magic secret section:
  the command showed MY_CI_TRIGGER_PAT but the correct name is
  GH_AW_CI_TRIGGER_TOKEN (introduced in #17997)
- Add missing `runs-on` field to threat-detection.md configuration table,
  documenting the detection job runner override added in #17979

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@github-actions github-actions bot mentioned this pull request Feb 24, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dsyme @pelikhan