Android & KMP danger tokens#70
Merged
Merged
Conversation
This change introduces a dedicated input for a GitHub token to be used by Danger, enabling more granular permission control and improved security in CI workflows. It also updates the `ios-fastlane-test` action to use this dedicated token.
ssestak
approved these changes
Nov 12, 2025
| danger_id: 'danger-pr' | ||
| env: | ||
| DANGER_GITHUB_API_TOKEN: ${{ github.token }} | ||
| DANGER_GITHUB_API_TOKEN: ${{ inputs.github_token_danger || github.token }} |
Collaborator
There was a problem hiding this comment.
If I am not mistaken if you not pass token to Danger it will still use the "default one". It have build-in fallback logic to use github.token.
Member
Author
There was a problem hiding this comment.
Even if I pass empty string? (I believe that non-existent input gets resolved into empty string)
Member
Author
There was a problem hiding this comment.
Well nvm let's try it that way
The Danger action should always use the `github_token_danger` input, removing the fallback to `github.token` to prevent authorization issues.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR introduces a dedicated input for the GitHub token used by Danger in Android and KMP iOS workflows. This allows for more explicit control and potential customization of Danger's permissions. Workflows are updated to utilize a new
GITHUB_TOKEN_DANGERsecret.Key Features:
github_token_dangerinput to theandroid-checkaction.android-checkto useinputs.github_token_dangeror fallback togithub.token.android-cloud-check.ymlto passsecrets.GITHUB_TOKEN_DANGERto theandroid-checkaction.ios-kmp-selfhosted-test.ymlto usesecrets.GITHUB_TOKEN_DANGERfor theios-fastlane-testaction.Token Usage Changes:
.github/actions/android-check/action.ymlgithub.token.github/workflows/android-cloud-check.ymlgithub.tokenvia action)secrets.GITHUB_TOKEN_DANGERpassed asgithub_token_dangerinput.github/workflows/ios-kmp-selfhosted-test.ymlsecrets.GITHUB_TOKENsecrets.GITHUB_TOKEN_DANGER