Remove --external-repository-token option from runner
Specifying a token as a cli input leads to a potential for leaking the token on CI logs. This commit removes the option. Instead, users should specify a single GitHub token through `--github-auth-stdin` or by setting the `GITHUB_TOKEN` environment variable. This token should be created with enough privileges to access the required repository.
This commit is contained in:
Andrew Eisenberg
parent
88714e3a60
commit
58defc0652
4 changed files with 2 additions and 10 deletions
|
|
@ -98,7 +98,6 @@ interface InitArgs {
|
|||
githubUrl: string;
|
||||
githubAuth: string;
|
||||
githubAuthStdin: boolean;
|
||||
externalRepositoryToken: string | undefined;
|
||||
debug: boolean;
|
||||
}
|
||||
|
||||
|
|
@ -115,10 +114,6 @@ program
|
|||
"--github-auth-stdin",
|
||||
"Read GitHub Apps token or personal access token from stdin."
|
||||
)
|
||||
.option(
|
||||
"--external-repository-token <token>",
|
||||
"A token for fetching external config files and queries if they reside in a private repository."
|
||||
)
|
||||
.option(
|
||||
"--languages <languages>",
|
||||
"Comma-separated list of languages to analyze. Otherwise detects and analyzes all supported languages from the repo."
|
||||
|
|
@ -167,7 +162,6 @@ program
|
|||
|
||||
const apiDetails = {
|
||||
auth,
|
||||
externalRepoAuth: cmd.externalRepositoryToken,
|
||||
url: parseGithubUrl(cmd.githubUrl),
|
||||
};
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue