pack bootstrap workflow #172
Depends on StackStorm-Exchange/ci#133
I really like the ideas and process described, which will help a lot in maintaining the Exchange in an automated way. Thanks for the research!
git pull did nothing because it could not find a common ancestor
After thinking more about this, adding additional users as maintainers via GitHub comments has many edge cases and I think would be more of a security risk than helpful. However, adding the initial contributor as a pack maintainer automatically, as part of the Bootstrap Pack workflow would be perfectly nice.
This is logically complete, but now I need to figure out how to test StackStorm-Exchange/ci#133 and this. It'll probably involve playing around in another org. Hmm.
repo scope is required to set protected branch settings.
There we have it. This workflow is now complete. Once StackStorm-Exchange/ci#133 is merged, this can be merged. Check out my final test run here: https://github.com/st2sandbox/exchange-incubator/runs/6501905579?check_suite_focus=true
I slightly cleaned up the comments after that test run.
The secrets are ready on this repo. So, once this is merged, we'll be able to use it.
Very nice!
OK. I reviewed the various scripts (like exchange-bootstrap.sh) and #7 to create the general outline of some workflows we could use to create and configure new exchange packs.
overall process:
!bootstrap pack on the Incubator PR
Bootstrap Pack from PR workflow
On Incubator PR, add comment !add pack maintainers ... (format/contents of ... TBD)
GHA runs Add Pack Maintainers workflow

edit: steps 7 and 8 are out-of-scope for this PR. Looks like that will be "have a senior maintainer set up the groups and user access".
We might be able to use PR labels to trigger this instead of issue comments. For now, I've just used a chatops-esque issue comment.
This will require a PAT that gives admin access to the exchange (permissions: repo, admin:org).
We will probably need a separate bot account for that since stackstorm-neptr does not have admin access any more. That bot account will probably also need an ssh key that it can use to push and pull.
The PAT and ssh private key only need to be available in the secrets for this one repo. So, this should not be a significant maintenance burden; unlike how we created one PAT for each pack repo for use in CircleCI, which was a nightmare, this should require minimal maintenance.