-
Notifications
You must be signed in to change notification settings - Fork 230
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
REQUEST: Repository maintenance on opentelemetry-dotnet & opentelemetry-dotnet-contrib #2127
Comments
would this work for you? https://github.com/open-telemetry/community/blob/main/assets.md#opentelemetry-bot (several other OpenTelemetry repos are using this approach for automations: https://github.com/search?q=org%3Aopen-telemetry+OPENTELEMETRYBOT_GITHUB_TOKEN+language%3AYAML&type=code) |
@trask I will try it out and report back. |
So I got everything to work using opentelemetrybot: open-telemetry/opentelemetry-dotnet#5662 The big challenge I faced is trying to test everything via forks is very heavy lifting. I had to create my own org. I had to create my own bot account. I had to try and get everything as close as possible to the real things. I had to make the actual automation fully configurable so forks can use different accounts/users to support testing scenarios. I'll have to document this whole mess so others can work on it in the future. The app approach above is much easier to work with IMO. For a fork you can create an app in your personal account and install it into your forks. You can give that app fine-grained access to whatever it needs to do (more so than the PAT). When you need a token you ask the app for one based on the specific thing you need to do in a workflow and when the workflow is done that token is revoked. No ephemeral PAT needed, no user accounts needed. I think it is worth looking at for the org as a better solution overall. That being said, I'm fine living with this opentelemetrybot. |
@CodeBlanch you might be interested in this SIG/project proposal by @austinlparker: My personal opinion on that matter is, that if we have an app, it should not be exclusive to a single repository and we should rather look into generalizing solutions across repositories. |
Definitely agree with this in general. For this "use an app for granting permissions to automation" case though we may want to look closely at the implications. Let's say this app is installed in dotnet, dotnet-contrib, and java repos. The app will need permission to do everything required by automation for those repos. In dotnet we need to create branches, push commits, open PRs, create releases, and kick off actions. Let's say in java it needs to do package management. If we share an app, suddenly dotnet & dotnet-contrib can do package management. Also dotnet will be able to perform things in java's repo. Some isolation in this case I think is a good thing. Keeps the scope of permissions down and limits which repos can interact with each other. Just food for thought! |
moving from |
Affected Repository
Requested changes
I have three things I need done. See
Purpose
section for details.Purpose
I am working on automating the release process and a bunch of maintenance tasks for dotnet. There are a lot of steps. We open PRs. Create Releases. Push tags. Invoke workflows in contrib repo.
The challenge is when these things are done via GitHub actions they don't trigger other workflows. There are a few recommendations published by GitHub to solve this: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#workarounds-to-trigger-further-workflow-runs
The one I am attempting to implement with this app is: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#authenticating-with-github-app-generated-tokens
I don't like the Personal Access Token (PAT) approach because everything will look like it is being done by a person (probably me) and the tokens expire. SSH key only works for pushes. Machine account won't work for kicking off workflows in contrib.
The release process is like this (noted where tokens will help)...
Expected Duration
Permanent
Repository Maintainers
@open-telemetry/dotnet-maintainers
The text was updated successfully, but these errors were encountered: