Skip to content

Update Ditto authentication to use App ID and Playground Token#247

Closed
Alyssa Evans (alycda) wants to merge 3 commits intodependabot/npm_and_yarn/javascript-tui/undici-6.24.1from
claude/fix-ci-seed-ditto-n7ack
Closed

Update Ditto authentication to use App ID and Playground Token#247
Alyssa Evans (alycda) wants to merge 3 commits intodependabot/npm_and_yarn/javascript-tui/undici-6.24.1from
claude/fix-ci-seed-ditto-n7ack

Conversation

@alycda
Copy link
Member

@alycda Alyssa Evans (alycda) commented Mar 16, 2026

Summary

Updated the Ditto Cloud authentication mechanism across all CI workflows and the seed action to use App ID and Playground Token instead of API Key and API URL.

Key Changes

  • seed-ditto-document action:

    • Replaced ditto-api-key input with ditto-playground-token
    • Replaced ditto-api-url input with ditto-app-id
    • Updated API endpoint construction to use the new format: https://{app-id}.cloud.ditto.live/api/v4/store/execute
    • Updated Authorization header to use the playground token

  • CI Workflows: Updated all 6 workflow files to pass the new secret names:

    • cpp-tui-ci.yml
    • dotnet-tui-ci.yml
    • dotnet-winforms-ci.yml
    • javascript-tui-ci.yml
    • rust-tui-ci.yml
    • Each now references DITTO_APP_ID and DITTO_PLAYGROUND_TOKEN secrets instead of DITTO_API_KEY and DITTO_API_URL

Implementation Details

The API endpoint URL is now constructed dynamically using the App ID as a subdomain prefix, eliminating the need for a separate API URL configuration. This simplifies the authentication setup and aligns with Ditto Cloud's current authentication standards.

https://claude.ai/code/session_01TPYeFrThWGY2KgASaZZ83D

dependabot bot and others added 2 commits March 16, 2026 15:19
@dependabot
build(deps): bump undici from 6.23.0 to 6.24.1 in /javascript-tui
54314c1 
Bumps [undici](https://github.com/nodejs/undici) from 6.23.0 to 6.24.1.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v6.23.0...v6.24.1)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 6.24.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@claude
fix: use DITTO_APP_ID and DITTO_PLAYGROUND_TOKEN in seed-ditto-docume…
47e5fd0 
…nt action

The DITTO_API_KEY and DITTO_API_URL secrets were not configured in the
repository, causing the curl command to fail with exit code 6 (empty
host/token). Switch to the existing DITTO_APP_ID and DITTO_PLAYGROUND_TOKEN
secrets, constructing the API URL as {app-id}.cloud.ditto.live.

Updates the action inputs and all 5 affected workflows.

https://claude.ai/code/session_01TPYeFrThWGY2KgASaZZ83D
@alycda Alyssa Evans (alycda) added the javascript Pull requests that update javascript code label Mar 16, 2026
@alycda Alyssa Evans (alycda) marked this pull request as ready for review March 16, 2026 15:31
@alycda Alyssa Evans (alycda) requested a review from a team as a code owner March 16, 2026 15:31
@alycda Alyssa Evans (alycda) requested review from Hamilton Chapman (hamchapman) and removed request for a team March 16, 2026 15:31
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/javascript-tui/undici-6.24.1 branch from 54314c1 to 5f4c829 Compare March 16, 2026 15:35
Copilot AI reviewed Mar 16, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the Ditto Cloud seeding/authentication used by the seed-ditto-document composite action and a subset of CI workflows to authenticate via App ID + Playground Token and to construct the API endpoint from the App ID.

Changes:

  • Updated .github/actions/seed-ditto-document inputs and request construction to use ditto-app-id + ditto-playground-token.
  • Updated multiple CI workflows to pass DITTO_APP_ID / DITTO_PLAYGROUND_TOKEN into the seed action instead of DITTO_API_URL / DITTO_API_KEY.
  • Included javascript-tui/package-lock.json changes that modify resolved dependencies (e.g., undici bump).

Reviewed changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
.github/actions/seed-ditto-document/action.yml Swaps seed action auth inputs to App ID + Playground Token and changes the constructed Ditto API URL.
.github/workflows/cpp-tui-ci.yml Passes new seed action inputs (DITTO_APP_ID, DITTO_PLAYGROUND_TOKEN).
.github/workflows/dotnet-tui-ci.yml Passes new seed action inputs (DITTO_APP_ID, DITTO_PLAYGROUND_TOKEN).
.github/workflows/dotnet-winforms-ci.yml Passes new seed action inputs (DITTO_APP_ID, DITTO_PLAYGROUND_TOKEN).
.github/workflows/javascript-tui-ci.yml Passes new seed action inputs (DITTO_APP_ID, DITTO_PLAYGROUND_TOKEN).
.github/workflows/rust-tui-ci.yml Passes new seed action inputs (DITTO_APP_ID, DITTO_PLAYGROUND_TOKEN).
javascript-tui/package-lock.json Updates lockfile resolution (includes an undici version bump and removal of a top-level react-devtools-core entry).
Files not reviewed (1)
  • javascript-tui/package-lock.json: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

javascript-tui/package-lock.json
Comment on lines +13208 to 13212
"version": "6.24.1",
"resolved": "https://registry.npmjs.org/undici/-/undici-6.24.1.tgz",
"integrity": "sha512-sC+b0tB1whOCzbtlx20fx3WgCXwkW627p4EA9uM+/tNNPkSS+eSEld6pAs9nDv7WbY1UUljBMYPtu9BCOrCWKA==",
"license": "MIT",
"peer": true,
@claude
fix: migrate remaining workflows from DITTO_API_KEY/URL to existing s…
44f5e87 
…ecrets

Per Copilot review: 11 more workflows had inline curl calls still using
the non-existent DITTO_API_KEY and DITTO_API_URL secrets. Migrate them
all to DITTO_PLAYGROUND_TOKEN and construct the URL from DITTO_APP_ID.

Also apply curl robustness fix from Copilot review: use -fSs instead of
-s so network/DNS/TLS failures fail fast rather than producing empty
responses that cause misleading HTTP_CODE parsing. Add set -euo pipefail
to the reusable action.

https://claude.ai/code/session_01TPYeFrThWGY2KgASaZZ83D
busec0
Bulzan Sergiu (busec0) requested changes Mar 18, 2026
View reviewed changes
Copy link
Member

@busec0 Bulzan Sergiu (busec0) left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This failed because Dependabot did not have access to the secrets, not because our authentication was faulty. Can probably be closed.

@dependabot dependabot bot deleted the branch dependabot/npm_and_yarn/javascript-tui/undici-6.24.1 March 18, 2026 15:37
@dependabot dependabot bot closed this Mar 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@busec0 Bulzan Sergiu (busec0) busec0 requested changes

@hamchapman Hamilton Chapman (hamchapman) Awaiting requested review from hamchapman hamchapman was automatically assigned from getditto/sdk-engineers

Assignees

No one assigned

Labels

javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@alycda @busec0 @claude