REQUEST: Repository maintenance on opentelemetry-js-contrib #1814

Closed
pichlermarc opened this issue Nov 21, 2023 · 4 comments
Labels
area/repo-maintenance Maintenance of repos in the open-telemetry org

Comments

@pichlermarc
Member

Affected Repository

https://github.com/open-telemetry/opentelemetry-js-contrib

Requested changes

Purpose

We currently have a workflow that's creating release PRs and releases via the release-please-action and predates the creation of the @opentelemetrybot account. We'd prefer switching to using the bot account so that PRs and releases authored by the automation are properly identified as such.

Expected Duration

permanently

Repository Maintainers

  • @open-telemetry/javascript-maintainers

@trask
Member

trask commented Jan 2, 2024

cc @open-telemetry/technical-committee

@jack-berg
Member

Thanks for the ping @trask. Based on this doc, it seems like all that is needed for the @open-telemetry/javascript-maintainers to use @opentelemetrybot to create PRs and releases is to grant the opentelemetry-js-contrib repo access to the OPENTELEMETRYBOT_GITHUB_TOKEN.

However, @pichlermarc requests granting additional permissions to @opentelemetrybot and creating a fine-grained PAT. Why the need for the additional permissions and the separate fine-grained PAT?

@pichlermarc
Member Author

Why the need for the additional permissions and the separate fine-grained PAT?

Sorry for the (very) late reply. 😨

We were planning to continue using the https://github.com/google-github-actions/release-please-action, which automatically creates a release PR and the releases in GitHub.

In order for @opentelemetrybot to create these releases, I was under the impression that the bot user would need write access for releases in the repository. Due to that additional access, I saw using a fine-grained PAT (scoped to the js-core repo only) as the more secure option.

However, reading #1549 (comment) and the Python SIG's release workflow, it looks like we might actually be able to do this without giving the bot additional access. We'll likely be able to use the OPENTELEMETRYBOT_GITHUB_TOKEN to create the release PR, and then the usual GITHUB_TOKEN to create the release.

Let's try with just access to OPENTELEMETRYBOT_GITHUB_TOKEN first. I think you're right @jack-berg, just using that should work fine 🙂

@jack-berg
Member

Ok @pichlermarc - I'm sorry for my late reply as well. I'm going to go ahead and close this because it looks like we can get away with using OPENTELEMETRYBOT_GITHUB_TOKEN. Happy to re-open if I'm misunderstanding.
