infra-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tomaz Muraus (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (INFRA-18874) Ability to manage Github project settings and secrets
Date Wed, 14 Aug 2019 12:21:00 GMT

    [ https://issues.apache.org/jira/browse/INFRA-18874?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16907222#comment-16907222
] 

Tomaz Muraus commented on INFRA-18874:
--------------------------------------

For the reference, here is the email I sent to Github support:

{quote}
Dear Github team,

We are evaluating Github Actions CI/CD for our Apache Software Foundation project (https://github.com/apache/libcloud),
but we encountered a road-block.

ASF only grants committers write access to the project repository (we can manage pull request,
issues, projects and milestones), but it doesn't grant committers admin access to manage the
project settings (https://github.com/apache/libcloud/settings).

This is done intentionally so committers can't remove things such as webhooks which are needed
to enforce ASF "everything is logged and can be audited" policy.

To comply with that ASF policy, every repo is set up so that every Github operation is logged
on the immutable ASF project mailing list.

Not having admin access to the repository, means we can't manage project secrets (https://github.com/apache/libcloud/settings/secrets)
which are needed to implement some parts of our CI/CD workflow.

Is there anything else we could do so we can still manage project secrets without having admin
access to the repository?

Perhaps allow every user with write access to the repository to manage secrets and not just
people with "Settings" tab access?

Keep in mind that this affects all the ASF projects which utilize Github and not just ours.
Here is the corresponding ASF infra ticket I opened - https://issues.apache.org/jira/browse/INFRA-18874.

Thanks and best regards,
Tomaz
{quote}

In the mean time, [~cml], would it be possible for you or someone else to manually set up
a secret for our project? At the moment, we only rely on one secret being set up and that's
ReadTheDocs webhook authentication token.

> Ability to manage Github project settings and secrets
> -----------------------------------------------------
>
>                 Key: INFRA-18874
>                 URL: https://issues.apache.org/jira/browse/INFRA-18874
>             Project: Infrastructure
>          Issue Type: Planned Work
>          Components: Github
>            Reporter: Tomaz Muraus
>            Priority: Minor
>
> Dear Infra team,
> We are evaluating new recently announced Github CI/CD as a potential replacement for
our existing Travis CI based CI/CD system.
> To be able to fully utilize it, we would need to have access to edit Github project settings
so we can manage secrets which are available to the CI/CD workflows (https://github.com/apache/libcloud/settings/secrets).
> https://help.github.com/en/articles/virtual-environments-for-github-actions#creating-and-using-secrets-encrypted-variables
> Right now we don't have access to change project settings and as such, we can't manage
secrets which are available to the workflows.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

Mime
View raw message