Update otel bot permissions

[svrnm]

Related to #2234

Updated: This is required for #2277, needed by @open-telemetry/javascript-maintainers: "read:org permission would allow us to update descriptions for PRs opened by @opentelemetrybot. Recently we added a workflow to automatically create release PRs, but the workflow can't edit the description of its own PR without read:org."

[jack-berg]

FYI, I've already assigned this scope to the OpenTelemetry bot. If we end up not accepting this PR, we should revert the scope.

[jack-berg]

FYI, I've reverted the read:org permission from the opentelemetrybot org secret token, since it seems like we're likely to go in a different direction than this.

[pichlermarc]

FYI, I've reverted the read:org permission from the opentelemetrybot org secret token, since it seems like we're likely to go in a different direction than this.

We (OTel JS SIG) would actually appreciate having the read:org permission. 🙂

It would allow us to update descriptions for PRs opened by @opentelemetrybot. Recently we added a workflow to automatically create release PRs, the workflow can't edit the description of its own PR without read:org permissions.

See open-telemetry/opentelemetry-js#4849, https://github.com/open-telemetry/opentelemetry-js/actions/runs/10195580438/job/28204768571#step:8:389

[trask]

We (OTel JS SIG) would actually appreciate having the read:org permission.

I think it's ok to give @opentelemetrybot the read:org permission

from https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps#available-scopes, read:org is:

Read-only access to organization membership, organization projects, and team membership.

and @opentelemetrybot doesn't have any special read privileges to the @open-telemetry org (it is just a normal org member).

@pichlermarc can you open a repository maintenance issue in this repo and we can see if there's agreement from others?

[pichlermarc]

@pichlermarc can you open a repository maintenance issue in this repo and we can see if there's agreement from others?

Sure thing - opened #2277 just now. Thanks 🙌

[trask]

FYI, I've reverted the read:org permission from the opentelemetrybot org secret token, since it seems like we're likely to go in a different direction than this.

@jack-berg can you re-revert it now that we need it for #2277? (and then also we can re-test without triage permission in the website repo)

[jack-berg]

@jack-berg can you re-revert it now that we need it for #2277? (and then also we can re-test without triage permission in the website repo)

done

[trask]

@open-telemetry/technical-committee @open-telemetry/governance-committee please review this PR, we want to move forward with it again, thanks

[tigrannajaryan]

@open-telemetry/technical-committee @open-telemetry/governance-committee please review this PR, we want to move forward with it again, thanks

I am confused about what is being added after reverts and re-reverts :-)

@svrnm can you please update the PR description to clarify the change, why and what is being changed?

[svrnm]

I am confused about what is being added after reverts and re-reverts :-)
@svrnm can you please update the PR description to clarify the change, why and what is being changed?

I am confused as well, but if I understand it correctly the JS SIG wants to have the permissions I listed here, so the PR content should be good? Trying to update the description to reflect that

[pichlermarc]

I am confused as well, but if I understand it correctly the JS SIG wants to have the permissions I listed here, so the PR content should be good?

Yes that is correct - the content of this PR now accurately reflects what the current permissions are (and they align with what the JS SIG needs). 🙂

[trask]

@open-telemetry/technical-committee @open-telemetry/governance-committee the PR description is updated and ready for review, thanks!