Scope ANDROID_TEAM_PAT to weekly-stable-updates environment#1474
Merged
jonathanpeppers merged 1 commit intoJun 17, 2026
Conversation
Adds an �nvironment: weekly-stable-updates reference to the create-weekly-issue job so the ANDROID_TEAM_PAT secret resolves from an environment-scoped secret rather than a repo-level secret. This lets us apply environment protection rules (reviewers, branch restrictions) to the PAT. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR scopes the ANDROID_TEAM_PAT secret to a GitHub Actions Environment so that access can be governed by environment protection rules instead of being available as a repository-level secret to all workflows.
Changes:
- Adds
environment: weekly-stable-updatesto thecreate-weekly-issuejob in the weekly workflow, so${{ secrets.ANDROID_TEAM_PAT }}resolves from that environment’s secret store.
simonrozsival
approved these changes
Jun 17, 2026
jonathanpeppers
deleted the
jonathanpeppers/scope-android-team-pat-to-env
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Our
ANDROID_TEAM_PATsecret needs to live behind an environment so we can apply protection rules (reviewers, branch restrictions, etc.) instead of exposing it as a plain repo-level secret to every workflow.This adds
environment: weekly-stable-updatesto thecreate-weekly-issuejob in.github/workflows/weekly-stable-updates.yml. The existing${{ secrets.ANDROID_TEAM_PAT }}reference now resolves from that environment's secret store.Follow-up required before this is functional: create a
weekly-stable-updatesenvironment in repo Settings -> Environments and add theANDROID_TEAM_PATsecret there. Until that's done, the "Assign issue to Copilot" step will fail to authenticate.