
fix: add workflow_dispatch to audit + revoke bootstrap PAT #99

Merged
datasciencemonkey merged 2 commits into main from fix/workflow-dispatch-and-bootstrap-pat-cleanup
Apr 5, 2026


@datasciencemonkey datasciencemonkey commented Apr 5, 2026

Closes #97, closes #98

Summary

  • Add workflow_dispatch trigger to dependency-audit.yml so it can be run on-demand from the Actions tab
  • Add revoke_bootstrap_tokens() to PATRotator — after the first successful rotation, lists all pre-existing tokens and revokes them (including the bootstrap PAT the user pasted)
  • Wire it up in app.py PAT submission handler: called immediately after first _rotate_once() succeeds

Test plan

  • All 19 existing test_pat_rotator.py tests pass
  • Deploy to app, paste bootstrap PAT, verify rotation succeeds and bootstrap PAT is revoked in logs
  • Verify "Run workflow" button appears on dependency-audit workflow in Actions tab

- Add workflow_dispatch trigger to dependency-audit.yml so it can be
  run on-demand from the GitHub Actions tab
- After the first successful PAT rotation, list all pre-existing tokens
  and revoke them (including the bootstrap PAT the user pasted). This
  ensures no stale tokens sit around after the app has its own
  controlled short-lived token.

@datasciencemonkey datasciencemonkey self-assigned this Apr 5, 2026

Instead of revoking every token except the freshly minted one (which
nuked the user's other PATs for notebooks, CI, etc.), identify the
bootstrap PAT as the most-recently-created token without a
"coda-auto-rotated" comment and revoke only that one.

@datasciencemonkey datasciencemonkey merged commit bdb838d into main Apr 5, 2026
@datasciencemonkey datasciencemonkey deleted the fix/workflow-dispatch-and-bootstrap-pat-cleanup branch April 5, 2026 23:08
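
The two revocation strategies described in the commit messages above, side by side, as an added example that is not the project's own code. The token record fields (`token_id`, `comment`, `creation_time`), the function names and the sample tokens are assumptions made for illustration; only the "coda-auto-rotated" comment string comes from the PR.

```python
from typing import Callable, Iterable, List, Optional

# Comment string named in the PR; matching it as a substring is an assumption.
ROTATION_MARKER = "coda-auto-rotated"


def revoke_all_except(tokens: Iterable[dict], new_token_id: str) -> List[str]:
    """First commit's approach: select every token except the fresh one."""
    return [t["token_id"] for t in tokens if t["token_id"] != new_token_id]


def find_bootstrap_token(tokens: Iterable[dict], new_token_id: str) -> Optional[dict]:
    """Second commit's approach: the most recently created token that does
    not carry the rotation marker. Returns None when nothing qualifies."""
    candidates = [
        t for t in tokens
        if t["token_id"] != new_token_id
        and ROTATION_MARKER not in (t.get("comment") or "")
    ]
    return max(candidates, key=lambda t: t["creation_time"], default=None)


def revoke_bootstrap_only(tokens: Iterable[dict], new_token_id: str,
                          revoke: Callable[[str], None]) -> Optional[str]:
    """Revoke at most one token; `revoke` is a hypothetical callback that
    stands in for whatever API call the application uses."""
    target = find_bootstrap_token(tokens, new_token_id)
    if target is None:
        return None  # nothing to revoke, leave the user's tokens alone
    revoke(target["token_id"])
    return target["token_id"]


# Constructed sample: two user PATs, an earlier rotated token, the pasted
# bootstrap PAT, and the token minted by the first rotation.
SAMPLE_TOKENS = [
    {"token_id": "tok-notebook", "comment": "notebooks", "creation_time": 1000},
    {"token_id": "tok-ci", "comment": "CI", "creation_time": 2000},
    {"token_id": "tok-rotated-old", "comment": ROTATION_MARKER, "creation_time": 2500},
    {"token_id": "tok-bootstrap", "comment": None, "creation_time": 3000},
    {"token_id": "tok-new", "comment": ROTATION_MARKER, "creation_time": 4000},
]

if __name__ == "__main__":
    print("revoke-all would hit:", revoke_all_except(SAMPLE_TOKENS, "tok-new"))
    revoked: List[str] = []
    revoke_bootstrap_only(SAMPLE_TOKENS, "tok-new", revoked.append)
    print("targeted revoke hit:", revoked)
```

Because the selection is by recency, an unmarked token created after the bootstrap PAT but before the first rotation would be picked instead of it.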
Development

Successfully merging this pull request may close these issues.

  • fix: revoke bootstrap PAT after first successful rotation
  • fix: add workflow_dispatch to dependency-audit workflow