-
Notifications
You must be signed in to change notification settings - Fork 238
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
REQUEST: Repository maintenance on opentelemetry-collector-contrib #1659
Comments
Can I get any help on this? We are missing CI checks because of this, and it created regressions in our repository, specifically open-telemetry/opentelemetry-collector-contrib#27267 |
@open-telemetry/technical-committee who has access to opentelemetry-bot? |
@atoulme what are the permissions you need? |
I have, and I'm looking into this right now. I'm struggling to figure out exactly which permissions are needed. |
It needs "read:org, read:user" |
I was able to generate the token, but I can't seem to be able to create the secret in that repo 🤦🏽 I guess someone from the TC will have to do both steps. @tigrannajaryan, would you do the honors? |
ya, this is the motivation behind #1652 |
@jpkrohling can you put the secret in our 1password, give me access to it and tell me what setting do you want in the repo to be updated? |
Sorry for taking so long, I lost track of this one. I just created an entry in our 1password, within the OpenTelemetry Collector vault. I also added you to that vault, as I wasn't sure you'd have access to it. Given you are part of the TC, I believe you should. @atoulme, other than the secret, do you need anything else updated in this repo? |
@atoulme please tell what exactly you need to be done on the repo, I am not sure I understand. |
I need a secret containing a PAT with the permissions "read:org, read:user" that we can reference as a secret in a github action runners workflow so we can query members of the organization to check codeowners. |
@atoulme I added OTEL_BOT_PASSWORD and OTEL_BOT_USERNAME to https://github.com/open-telemetry/opentelemetry-collector-contrib/settings/secrets/actions |
Thanks working with that. |
Closing since @atoulme confirm it works. |
Sorry, it didn't work. I just never had time to get back into this. |
reopening @atoulme can you provide any more details / logs / errors that might help? |
The gh client doesn't work with username and password of the user. It would be best to remove those secrets from the repository, in case someone finds a way to abuse our checks and use those to login as opentelemetry-bot. Here is what I would need. Logged in as the opentelemetry-bot user, you can generate a token using the following steps:
|
hello folks, any upate on this issue? |
Hi @atoulme! Are you saying that the new PAT should replace the existing secrets |
@tigrannajaryan I see a PAT called |
@arminru I think yes, that's it, but I can't remember for certain. |
@atoulme I re-generated the aforementioned token and stored it under |
OK, I will try this out. I appreciate the help! |
This PR introduces a check backed by a github token that tests the content of .github/CODEOWNERS against the metadata of all the components. Given that a token is used, and won't be present in builds running with forks, this check is only made on the main branch of the repository `open-telemetry/opentelemetry-collector-contrib`. As such, I can't really test if it all works. The token is provisioned by open-telemetry/community#1659. More context in #30552
It worked! We're good now. Thanks for all your help, closing. |
Affected Repository
https://github.com/open-telemetry/opentelemetry-collector-contrib
Requested changes
Add a new PAT from the opentelemetry-bot with specific permissions to query the Github API for organization members.
Purpose
We are rolling out a tool that needs to get access to organization members list to check for codeowners.
See open-telemetry/opentelemetry-collector-contrib#20868 and open-telemetry/opentelemetry-collector-contrib#24638
Expected Duration
Permanently.
Repository Maintainers
The text was updated successfully, but these errors were encountered: