REQUEST: Repository maintenance on opentelemetry-collector-contrib #1659
Comments
atoulme
added
the
area/repo-maintenance
|
Can I get any help on this? We are missing CI checks because of this, and it created regressions in our repository, specifically open-telemetry/opentelemetry-collector-contrib#27267 |
|
@open-telemetry/technical-committee who has access to opentelemetry-bot? |
@atoulme what are the permissions you need? |
|
I have, and I'm looking into this right now. I'm struggling to figure out exactly which permissions are needed. |
|
It needs "read:org, read:user" |
|
I was able to generate the token, but I can't seem to be able to create the secret in that repo 🤦🏽 I guess someone from the TC will have to do both steps. @tigrannajaryan, would you do the honors? |
ya, this is the motivation behind #1652 |
@jpkrohling can you put the secret in our 1password, give me access to it and tell me what setting do you want in the repo to be updated? |
|
Sorry for taking so long, I lost track of this one. I just created an entry in our 1password, within the OpenTelemetry Collector vault. I also added you to that vault, as I wasn't sure you'd have access to it. Given you are part of the TC, I believe you should. @atoulme, other than the secret, do you need anything else updated in this repo? |
|
@atoulme please tell what exactly you need to be done on the repo, I am not sure I understand. |
|
I need a secret containing a PAT with the permissions "read:org, read:user" that we can reference as a secret in a github action runners workflow so we can query members of the organization to check codeowners. |
|
@atoulme I added OTEL_BOT_PASSWORD and OTEL_BOT_USERNAME to https://github.com/open-telemetry/opentelemetry-collector-contrib/settings/secrets/actions |
|
Thanks working with that. |
|
Closing since @atoulme confirm it works. |
|
Sorry, it didn't work. I just never had time to get back into this. |
reopening @atoulme can you provide any more details / logs / errors that might help? |
|
The gh client doesn't work with username and password of the user. It would be best to remove those secrets from the repository, in case someone finds a way to abuse our checks and use those to login as opentelemetry-bot. Here is what I would need. Logged in as the opentelemetry-bot user, you can generate a token using the following steps:
|
|
hello folks, any upate on this issue? |
|
Hi @atoulme! Are you saying that the new PAT should replace the existing secrets |
|
@tigrannajaryan I see a PAT called |
@arminru I think yes, that's it, but I can't remember for certain. |
|
@atoulme I re-generated the aforementioned token and stored it under |
|
OK, I will try this out. I appreciate the help! |
This PR introduces a check backed by a github token that tests the content of .github/CODEOWNERS against the metadata of all the components. Given that a token is used, and won't be present in builds running with forks, this check is only made on the main branch of the repository `open-telemetry/opentelemetry-collector-contrib`. As such, I can't really test if it all works. The token is provisioned by open-telemetry/community#1659. More context in #30552
|
It worked! We're good now. Thanks for all your help, closing. |
Affected Repository
https://github.com/open-telemetry/opentelemetry-collector-contrib
Requested changes
Add a new PAT from the opentelemetry-bot with specific permissions to query the Github API for organization members.
Purpose
We are rolling out a tool that needs to get access to organization members list to check for codeowners.
See open-telemetry/opentelemetry-collector-contrib#20868 and open-telemetry/opentelemetry-collector-contrib#24638
Expected Duration
Permanently.
Repository Maintainers
The text was updated successfully, but these errors were encountered: