From 88b0e5488339a2114ebe4cce796b6e0e6ff973fa Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 23 May 2026 07:18:45 +0000 Subject: [PATCH] docs: document Buildkite ingress secret Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- docs/workflows/oblt-aw-ingress.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/workflows/oblt-aw-ingress.md b/docs/workflows/oblt-aw-ingress.md index 720a8a90..70ae64a6 100644 --- a/docs/workflows/oblt-aw-ingress.md +++ b/docs/workflows/oblt-aw-ingress.md @@ -9,7 +9,9 @@ This is the reusable orchestration entrypoint for `oblt-aw`. It routes to specia ## Prerequisites - Called by consumer workflows using `workflow_call`. -- Optional secret: `COPILOT_GITHUB_TOKEN`. +- Optional secrets: + - `COPILOT_GITHUB_TOKEN` + - `BUILDKITE_API_TOKEN` (used only by the `estc-pr-buildkite-detective` route) ## Usage @@ -233,6 +235,7 @@ Top-level permissions (matches [.github/workflows/oblt-aw-ingress.yml](../../.gi Interface exposed through `workflow_call`: - Secret: `COPILOT_GITHUB_TOKEN` (`required: false`) +- Secret: `BUILDKITE_API_TOKEN` (`required: false`, used by `estc-pr-buildkite-detective`) ## Examples @@ -246,6 +249,8 @@ jobs: COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_GITHUB_TOKEN }} ``` +If you enable the `estc-pr-buildkite-detective` route, also map `BUILDKITE_API_TOKEN` from your consumer secret (commonly named `BUILDKITE_LOGS_API_TOKEN`). + ## References - [workflow-registry.json](../../config/obs/workflow-registry.json) (canonical Observability workflow ids for the Control Plane Dashboard; other orgs use `config//workflow-registry.json`)