Add reviewer GitHub token to Cassandra AI Review #6
Conversation
The PR title and commit messages are descriptive and accurate. However, adding a brief explanation in the PR description about why this token change is needed would improve transparency for future maintainers. The addition of the token is a standard configuration update for CI tools, though we should always lean towards the principle of least privilege. |
| - name: Run Cassandra AI Review | ||
| uses: menny/cassandra@v0.2.0 | ||
| with: | ||
| reviewer_github_token: ${{ secrets.CODE_REVIEW_ORG_TOKEN }} |
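Review bot: `uses: menny/cassandra@v0.2.0` pins the action to a mutable tag while handing it an organization-level token on the `reviewer_github_token` line; pin the action to a full commit SHA (keeping the tag in a trailing comment) so that a moved or re-pushed tag cannot swap the code that receives `secrets.CODE_REVIEW_ORG_TOKEN`, and add a `permissions:` block to the job so the default token is minimal as well. The PR has no description, so please state which operation the default `secrets.GITHUB_TOKEN` cannot perform here and which scopes the org token actually carries.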
Evaluate if secrets.CODE_REVIEW_ORG_TOKEN is strictly necessary. GitHub Actions provide a default secrets.GITHUB_TOKEN which is scoped to the repository and usually sufficient. Using an Organization-level token increases the blast radius if the secret is compromised or if the action has a vulnerability. If special permissions are required, document why the default token is insufficient.
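As an added illustration of the least-privilege alternative raised in the comment above (this is example configuration, not the PR's workflow and not part of the menny/cassandra project), the workflow below runs the same step with the repository-scoped default token and an explicit `permissions:` block. It assumes that the action accepts `secrets.GITHUB_TOKEN` for `reviewer_github_token` and only needs to read the checkout and post pull-request comments; neither assumption is confirmed on this page, so verify both against the action's documentation before adopting it.

```yaml
# Added example, not the PR's own workflow. Assumes (unverified here) that
# menny/cassandra works with the default GITHUB_TOKEN and needs only
# contents:read plus pull-requests:write.
name: Cassandra AI Review

on:
  pull_request:
    types: [opened, synchronize]

# Start from no permissions at the workflow level so every job must opt in.
permissions: {}

jobs:
  review:
    runs-on: ubuntu-latest
    # Grant only what posting a review comment on this repository needs.
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: actions/checkout@v4

      - name: Run Cassandra AI Review
        # Prefer pinning to a full commit SHA with the tag as a comment,
        # so a moved tag cannot change the code that receives the token.
        uses: menny/cassandra@v0.2.0
        with:
          # Repository-scoped, expires when the job ends, cannot reach
          # other repositories in the organization.
          reviewer_github_token: ${{ secrets.GITHUB_TOKEN }}
```

One caveat a practitioner should check before relying on this: for `pull_request` runs triggered from a forked repository, `GITHUB_TOKEN` is granted read-only permissions regardless of the `permissions:` block, so a review bot that must comment on fork PRs either runs on `pull_request_target` (with care not to check out or execute untrusted PR code) or genuinely needs a separate token. If the org token is required for that reason, the PR description should say so, and the token should be a fine-grained one restricted to this repository and to the `pull_requests: write` scope rather than a broad organization credential.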
No description provided.