Skip to content

docs(ci): clarify why GitHub App auth is used for cross-org repos#1447

Merged
ramsessanchez merged 3 commits into
mainfrom
ramsessanchez/clarify-github-app-auth-comments
Jul 10, 2026
Merged

docs(ci): clarify why GitHub App auth is used for cross-org repos#1447
ramsessanchez merged 3 commits into
mainfrom
ramsessanchez/clarify-github-app-auth-comments

Conversation

@ramsessanchez

@ramsessanchez ramsessanchez commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Summary

Follow-up to #1442. Clarifies the comments/documentation around the useGitHubAppAuth path so the distinctions we landed on are explicit and not misleading.

Note: this is a doc-only follow-up to #1442. The original comments implied the target repo being public is what drives the switch to GitHub App auth. It isn't - the other SDK repos are public too. The real driver is that the target repo lives in a different GitHub org than the shared service connection covers, which historically required its own PAT-backed connection; the flag removes that PAT by reusing the GitHub App identity that already opens the PRs. Public visibility only enables the anonymous, credential-free clone - it is not why App auth is used.

Changes

  • language-generation-kiota.yml: rewrote the useGitHubAppAuth param comment to lead with the cross-org / PAT-elimination rationale and add an explicit note that repo visibility is not the selector; reworded the anonymous-clone step comment to frame public visibility as the enabler of credential-free reads rather than the reason for App auth.
  • scripts/set-app-token-push-url.ps1: reframed the header so push-only URL rewriting reads as a deliberate optimization for public repos, not a requirement of App auth.

No behavioral changes - comments/documentation only.

Microsoft Reviewers: Open in CodeFlow

Reword the useGitHubAppAuth comments and set-app-token-push-url.ps1
header so they no longer imply repo visibility is what selects App
auth. Make clear the real driver is a target repo living in a
different org than the shared service connection covers (which would
otherwise need its own PAT), and that public visibility only enables
the anonymous clone / credential-free read, not App auth itself.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot-Session: e612601e-259f-4cfe-8924-337af9663c80
@ramsessanchez ramsessanchez requested a review from a team as a code owner July 10, 2026 21:34
@ramsessanchez ramsessanchez merged commit 83d711f into main Jul 10, 2026
4 of 5 checks passed
@ramsessanchez ramsessanchez deleted the ramsessanchez/clarify-github-app-auth-comments branch July 10, 2026 22:35
@ramsessanchez

Copy link
Copy Markdown
Contributor Author

comments only change, merging

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant