www-builds mailing list archives

From Allen Wittenauer ...@effectivemachines.com.INVALID>
Subject Re: Non committer collaborators on GitHub
Date Fri, 14 Dec 2018 17:01:00 GMT

> On Dec 14, 2018, at 3:57 AM, Zoran Regvart <zoran@regvart.com> wrote:
> Hi Builders,
> I see some projects like Apache Sling use their own GitHub accounts
> via personal access tokens on GitHub. I'm guessing this is a
> workaround for not having a non-committer collaborator account that
> can be used to update commit status from Jenkins pipelines.
> I too have created an account, I needed one just to bypass the API
> limits for anonymous access[1]. But since that account is not a
> collaborator on GitHub it cannot update the commit status. I.e. the
> end result is:
> Could not update commit status, please check if your scan credentials
> belong to a member of the organization or a collaborator of the
> repository and repo:status scope is selected
> So one way of fixing this is to use my own GitHub account, which I'm
> understandably hesitant to do.
> Another is to have this non-committer account added as a collaborator,
> would this violate any ASF rules?
> And, probably the best one, is to have an ASF-wide GitHub account that
> builds can use.

More or less, +1.

I’m currently going through this whole exercise now.

We committed support for GitHub Branch Source Plug-in (and GitHub pull request builder) into
Apache Yetus and now want to test it. But it’s pretty impossible to do that because the
account that we’re using (that’s tied to private@yetus.apache.org) doesn’t have enough
access permissions to really do much.

I do think because of how GitHub works, an ASF-wide one is probably too dangerous. But I
can’t see why private@project accounts couldn’t be added so long as folks don’t do dumb
things like auto-push code. There has to be a level of trust here, unfortunately, though, which
is why it may not come to fruition. :(


I think part of the basic problem here is that GitHub’s view of permissions is really awful.
It is super super dumb that accounts have to have admin-level privileges for repos to use
the API to do some basic things that can otherwise be gleaned by just scraping the user-facing
website. If anyone from GitHub is here, I’d love to have a chat. ;)
