Skip to content

Add scope property to credentials metadata json object#1722

Merged
AbhishekBhaskar merged 2 commits into
mainfrom
abhishekbhaskar/add-scope-credential-metadata
Jun 22, 2026
Merged

Add scope property to credentials metadata json object#1722
AbhishekBhaskar merged 2 commits into
mainfrom
abhishekbhaskar/add-scope-credential-metadata

Conversation

@AbhishekBhaskar

@AbhishekBhaskar AbhishekBhaskar commented Jun 21, 2026

Copy link
Copy Markdown
Contributor

Adds support for a scope field on credentials-metadata, allowing registries to specify a package scope (e.g., @mycompany). This follows the same pattern as replaces-base.

Changes

  • Added scope?: string to the Credential type
  • Included scope in credentials-metadata generation when present on a credential
  • Added scope to the non-secrets list so it is not masked in logs
  • Added tests for both the metadata generation and secret masking behavior

Example

credentials-metadata:
  - type: npm_registry
    registry: jfrogghdemo.jfrog.io/artifactory/api/npm/dpndbt-pvt-repo-npm-key/
    scope: "@mycompany"

@AbhishekBhaskar AbhishekBhaskar self-assigned this Jun 21, 2026
Copilot AI review requested due to automatic review settings June 21, 2026 23:19
@AbhishekBhaskar AbhishekBhaskar requested a review from a team as a code owner June 21, 2026 23:19
GitHub Advanced Security started work on behalf of AbhishekBhaskar June 21, 2026 23:19 View session
GitHub Advanced Security finished work on behalf of AbhishekBhaskar June 21, 2026 23:20
Copilot AI reviewed Jun 21, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds support for a scope field in credentials metadata so registries (notably npm registries) can specify a package scope (e.g., @mycompany) and ensures the value is not treated as a secret for log masking.

Changes:

  • Adds scope?: string to the Credential type.
  • Includes scope in credentials-metadata generation when present.
  • Updates secret masking logic and tests to ensure scope is not masked.
Show a summary per file
File Description
src/api-client.ts Extends the Credential type to include optional scope.
src/updater.ts Adds scope to generated credentials-metadata objects.
src/main.ts Adds scope to the “non-secrets” allowlist for masking.
__tests__/updater.test.ts Adds coverage verifying scope is emitted in credentials-metadata.
__tests__/main.test.ts Adds coverage verifying scope is not passed to core.setSecret.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 5/5 changed files
  • Comments generated: 1

Comment thread src/updater.ts
GitHub Advanced Security started work on behalf of AbhishekBhaskar June 22, 2026 05:38 View session
@AbhishekBhaskar AbhishekBhaskar merged commit e5a03cb into main Jun 22, 2026
9 of 10 checks passed
@AbhishekBhaskar AbhishekBhaskar deleted the abhishekbhaskar/add-scope-credential-metadata branch June 22, 2026 18:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@kbukum1 kbukum1 kbukum1 approved these changes

Assignees

@AbhishekBhaskar AbhishekBhaskar

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@AbhishekBhaskar @kbukum1