Skip to content

LSIF: automatically generate LSIF upload token at upload time

Warren Gifford requested to merge lsif-auto-token into master

Created by: chrismwendt

This implements the roadmap item:

Solution to authorize LSIF data uploads on sourcegraph.com that has good UX and doesn’t feel hacky (e.g. GitHub action).

This runs through the challenge/verification flow on the fly at upload time:

  • Get topics
  • Get the challenge from Sourcegraph
  • Set topics to old+challenge
  • Ask Sourcegraph to verify and return a token
  • Restore old topics

GitHub actions already have a GITHUB_TOKEN environment variable set https://help.github.com/en/articles/virtual-environments-for-github-actions#github_token-secret which means users only have to set -upload-token=!github.com. This doesn't require the user to grant Sourcegraph any permissions. Any other thoughts/ideas? 💭

More context: https://sourcegraph.slack.com/archives/CHXHX7XAS/p1571339621085300

cc @felixfbecker

Merge request reports