fix: address PR review comments and CI failures

vaind · claude · vaind · commit 1a45fdae88e3 · 2025-09-22T11:39:00.000+02:00
Fix composite action issues identified in review: 1. updater/action.yml: - Fix secrets.GITHUB_TOKEN reference to use inputs.api-token instead - Composite actions cannot access secrets context directly - GH_TOKEN now properly uses the api-token input parameter 2. danger/action.yml: - Add volume mount for GitHub event file: --volume ${{ github.event_path }}:${{ github.event_path }} - This ensures Danger has access to pull request context data - Fixes 'Cannot read property pull_request of undefined' error These changes resolve the CI test failures and address the security concern raised by seer-by-sentry bot about incorrect secrets usage. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/danger/action.yml b/danger/action.yml
@@ -23,6 +23,7 @@ runs:
         docker run \
           --volume ${{ github.workspace }}:/github/workspace \
           --volume ${{ github.action_path }}:${{ github.action_path }} \
+          --volume ${{ github.event_path }}:${{ github.event_path }} \
           --workdir /github/workspace \
           --user $UID \
           -e "INPUT_ARGS" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true \
diff --git a/updater/action.yml b/updater/action.yml
@@ -134,7 +134,7 @@ runs:
       if: ${{ ( steps.target.outputs.latestTag != steps.target.outputs.originalTag ) && ( steps.root.outputs.changed == 'false') }}
       id: existing-pr
       env:
-        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        GH_TOKEN: ${{ inputs.api-token }}
       shell: pwsh
       run: |
         $urls = @(gh api 'repos/${{ github.repository }}/pulls?base=${{ steps.root.outputs.baseBranch }}&head=${{ github.repository_owner }}:${{ steps.root.outputs.prBranch }}' --jq '.[].html_url')
