forked from silvanocerza/github-gitless-sync
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
43 lines (40 loc) · 1.91 KB
/
Copy path.env.example
File metadata and controls
43 lines (40 loc) · 1.91 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
# Copy this file to .env.test and fill in real values.
# .env.test is gitignored — never commit real tokens.
#
# Two tokens are used by the integration suite, with deliberately
# different blast radii:
#
# 1. GITHUB_TOKEN — fine-grained PAT, scoped to the PRIVATE test repo
# only. Used by every test EXCEPT bootstrap (B/C/D/E series, plus
# A3 first-sync-from-remote). Cannot create or delete repos.
#
# 2. GITHUB_BOOTSTRAP_TOKEN — classic PAT with the `public_repo` scope.
# Used ONLY by bootstrap tests (A1, A2). The bootstrap repo is
# public and gets created+deleted per test, so a leak's worst case
# is "someone deletes a public test repo we'd recreate anyway".
# No private data ever flows through this token.
#
# To create the fine-grained PAT:
# GitHub → Settings → Developer settings → Personal access tokens
# → Fine-grained tokens → Generate new token
# Repository access: only the test repo named below.
# Permissions:
# - Contents: Read and write (always required)
# - Metadata: Read (auto-required)
#
# To create the classic PAT:
# GitHub → Settings → Developer settings → Personal access tokens
# → Tokens (classic) → Generate new token
# Note: "github-easy-sync bootstrap tests"
# Expiration: 30-90 days; rotate on schedule.
# Scopes: ONLY these two (nothing else):
# - `public_repo` (create + read/write public repos)
# - `delete_repo` (delete repos — needed for recreate strategy)
GITHUB_TOKEN=github_pat_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
GITHUB_BOOTSTRAP_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
INT_TEST_OWNER=your-github-username
INT_TEST_REPO=github-gitless-sync-int-test
INT_BOOTSTRAP_TEST_REPO=github-gitless-sync-bootstrap-test
# Prefix for the per-test branches we create+delete. Anything matching
# this pattern in the test repo is fair game for cleanup.
INT_TEST_BRANCH_PREFIX=int-test