why do we need to pull a $RUNNER_TOKEN

Question

why do we need to pull a $RUNNER_TOKEN

Closed this issue 4 years ago · 2 comments

Hello,

excellent docker image, I'm reading through the code, and I found this piece of code

        RUNNER_TOKEN="$(curl -XPOST -fsSL \
            -H "Authorization: token ${GITHUB_ACCESS_TOKEN}" \
            -H "Accept: application/vnd.github.v3+json" \
            "https://api.github.com/${SCOPE}/${_PATH}/actions/runners/registration-token" |
            jq -r '.token')"

the reason why I asked is that, if we need to go to GitHub anyways either to create a $GITHUB_ACCESS_TOKEN or getting $RUNNER_TOKEN, I think is easier to get $RUNNER_TOKEN

Answer 1 · 2020-07-28T20:45:55.000Z

Hello,

GITHUB_ACCESS_TOKEN doesn't expire whereas RUNNER_TOKEN expires in 1 hour.

By calling the API to dynamically generate this token in the entrypoint script, we ensure that even if the container restarts, it won't fail because the token is expired.

Hope this clarifies.

Answer 2 · 2020-07-28T21:02:13.000Z

yes, it does, thanks for the explanation