
live-test-powershell: read public PR head with github.token #44

Open: a0x1ab wants to merge 1 commit into main from fix/ps-live-test-read-token

a0x1ab (Member) commented Jul 1, 2026

Follow-up smoke-test fix for the PowerShell live-test workflow.

Finding from smoke test (dispatch against main, PR Azure/azure-powershell#29780): the SDK + Key Vault + BAMI OIDC logins all pass (credential reuse works). The run failed at Resolve PR head SHA because the bot PAT (azclibot-pat) is a classic PAT with >8-day lifetime, which the Microsoft Open Source enterprise now forbids for gh api. This affects the existing live-test.yml identically.

Fix: read the (public) azure-powershell PR head via the ambient github.token instead of the bot PAT. The bot PAT is only needed for the cross-repo comment write.

Note: OIDC federated creds are scoped to refs/heads/main, so this must be on main to be validated end-to-end via dispatch. The comment-post step still needs the PAT rotated to fine-grained/≤8-day to post back to azure-powershell PRs.
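
The token split described in this PR, sketched as a workflow fragment. This is an added example, not the repository's workflow or part of the PR: the workflow name, input name, step ids and the `BOT_PAT` secret are hypothetical, and the live-test steps themselves are elided.

```yaml
# Added example. Names below (pr_number, head, BOT_PAT) are hypothetical.
name: live-test-powershell-sketch
on:
  workflow_dispatch:
    inputs:
      pr_number:
        description: azure-powershell PR number to test
        required: true

permissions:
  contents: read      # ambient github.token stays read-only
  id-token: write     # required for OIDC federated logins

jobs:
  live-test:
    runs-on: ubuntu-latest
    steps:
      - name: Resolve PR head SHA
        id: head
        shell: bash
        env:
          GH_TOKEN: ${{ github.token }}   # public read; the bot PAT is not exposed here
          PR_NUMBER: ${{ inputs.pr_number }}
        run: |
          set -euo pipefail
          # Accept only a plain number before it is placed in the API path.
          [[ "$PR_NUMBER" =~ ^[0-9]+$ ]] || { echo "bad PR number" >&2; exit 1; }
          sha="$(gh api "repos/Azure/azure-powershell/pulls/${PR_NUMBER}" --jq .head.sha)"
          # Fail closed unless the API returned a full 40-hex commit SHA.
          [[ "$sha" =~ ^[0-9a-f]{40}$ ]] || { echo "unexpected head SHA" >&2; exit 1; }
          echo "sha=$sha" >> "$GITHUB_OUTPUT"

      # ... OIDC logins and live tests run against steps.head.outputs.sha ...

      - name: Comment result on PR
        shell: bash
        env:
          GH_TOKEN: ${{ secrets.BOT_PAT }}   # hypothetical; only the cross-repo write step sees the PAT
          PR_NUMBER: ${{ inputs.pr_number }}
          HEAD_SHA: ${{ steps.head.outputs.sha }}   # passed via env, not inlined into the script
        run: |
          set -euo pipefail
          gh pr comment "$PR_NUMBER" --repo Azure/azure-powershell \
            --body "Live test finished for ${HEAD_SHA}"
```

Scoping `GH_TOKEN` per step keeps the long-lived credential out of every step that only reads public data, so a PAT policy failure or leak is confined to the comment step.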
