-
Notifications
You must be signed in to change notification settings - Fork 242
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
REQUEST: Repository maintenance on opentelemetry-js-contrib #1814
Comments
cc @open-telemetry/technical-committee |
Thanks for the ping @trask. Based on this doc, it seems like all that is needed for the @open-telemetry/javascript-maintainers to use @opentelemetrybot to create PRs and releases is to grant the However, @pichlermarc requests granting additional permissions to @opentelemetrybot and creating a fine-grained PAT. Why the need for the additional permissions and the separate fine-graned PAT? |
Sorry for the (very) late reply. 😨 We were planning to continue using the https://github.com/google-github-actions/release-please-action, which automatically creates a release PR and the releases in GitHub. In order for @opentelemetrybot to create these releases, I was under the impression that bot user would need write access for releases in the repository. Due to that additional access, I saw using a fine-grained PAT (scoped to the js-core repo only) as the more secure option. However, reading #1549 (comment) and the python SIGs release workflow, it looks like we might actually be able to do this without giving the bot additional access. We'll likely be able to use the Let's try with just access to |
Ok @pichlermarc - I'm sorry for my late reply as well. I'm going to go ahead and close this because it looks like we can get away with using |
Affected Repository
https://github.com/open-telemetry/opentelemetry-js-contrib
Requested changes
Purpose
We currently have a workflow that's creating release PRs and releases via the release-please-action and predates the creation of the @opentelemetrybot account. We'd prefer switching to using the bot account so that PRs and releases authored by the automation be properly identified as such.
Expected Duration
permantenly
Repository Maintainers
The text was updated successfully, but these errors were encountered: