Skip to content

CERT-9316 | Stop using PAT #208

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ozcodes wants to merge 13 commits into
base: master
Choose a base branch
from
Open

CERT-9316 | Stop using PAT #208

ozcodes wants to merge 13 commits into from

Conversation

@ozcodes
Copy link
Contributor

@ozcodes ozcodes commented Feb 4, 2026
edited
Loading

Stop using github PAT used by ReportAnalyzer.

  • Use secure-repo-access orb to generate temporary github tokens.
  • Upgrade cvt image version to the latest version with python3.11 (required by the orb)
  • Change pip3.11 to pip
  • Add secure_repo_access context (github app private key) to examples-regtest jobs.

@ozcodes ozcodes requested a review from Copilot February 4, 2026 18:23
Copilot AI reviewed Feb 4, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR transitions from using Personal Access Tokens (PAT) to a more secure repository access method by integrating the certora/secure-repo-access orb in CircleCI configuration.

Changes:

  • Added the secure-repo-access orb to replace PAT-based authentication
  • Updated the ReportAnalysis package installation to use a specific branch
  • Modified multiple workflow contexts to include secure_repo_access alongside aws_staging

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.circleci/config.yml Outdated
name: Install ReportAnalysis package and execute ReportAnalyzer
command: |
pip3.11 install git+ssh://git@github.com-reportanalysis/Certora/ReportAnalysis.git
pip3.11 install git+ssh://git@github.com-reportanalysis/Certora/ReportAnalysis.git@oz/pat
Copy link

Copilot AI Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The branch name 'oz/pat' suggests this is related to PAT (Personal Access Token), which contradicts the PR's purpose of removing PAT usage. Consider renaming this branch to better reflect its purpose with the new secure access method.

Suggested change
pip3.11 install git+ssh://git@github.com-reportanalysis/Certora/ReportAnalysis.git@oz/pat
pip3.11 install git+ssh://git@github.com-reportanalysis/Certora/ReportAnalysis.git@oz/secure-access

Copilot uses AI. Check for mistakes.
Copilot AI reviewed Feb 5, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@ozcodes ozcodes changed the title Stop using PAT CERT-9316 | Stop using PAT Feb 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@yoav-el-certora yoav-el-certora Awaiting requested review from yoav-el-certora

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ozcodes