CSHS-CWRA / RavenPy

A Python wrapper to setup and run the hydrologic modelling framework Raven
https://ravenpy.readthedocs.io
MIT License

Update the CSHS-CWRA Personal Access token policy to allow for Fine Grained Tokens #387

Open Zeitsperre opened 2 months ago

Zeitsperre commented 2 months ago

In order to add some necessary tokens for running actions, I need to be able to create a Token Request as a member of CSHS-CWRA. These tokens are used for running workflows and performing automated actions on behalf of a user.

The organization does not currently allow for these requests, and I need to be able to add some tokens to this repo before closing #386.

@analytophile could you enable this on the CSHS-CWRA organization? For more information: https://docs.github.com/en/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization

Steps:

Zeitsperre commented 2 weeks ago

@analytophile

Hi James, it looks like there are some changes I need to perform in RavenPy for a new release. Would you happen to have time to look into this issue?

Thanks!

analytophile commented 2 weeks ago

Seems more steps are required.

The next options to allow or deny are:

- Require approval of fine-grained personal access tokens
- Restrict access via personal access tokens (classic)

Do you know if either or both of these should be allowed or denied? Or whether there are any important ramifications of this decision?

Zeitsperre commented 1 week ago

All good.

On Ouranosinc, I've disabled the classic personal access tokens, since they give users a lot of (too much) control.

The classic tokens can be made to act effectively like a second user (which is way too much power), while the fine-grained tokens are much more limited in scope. I also think it makes more sense to set these tokens (or renew them) every year, which is the case for the fine-grained tokens (classic tokens can be made without an expiration date). From what I can see, the classic tokens are being shifted away from, while the new method is being adopted as the standard.

For the approvals, that's more up to you. My plan is to add one or two tokens here that will run a bot that does a few helpful things (bumping versions, adding issues to projects, etc.). If I ask for approval, you'll get a message to allow or deny the request. It's probably a good idea to manually approve requests (that's what I've set for us as well).

analytophile commented 1 week ago

Thanks - it's been enabled!

Zeitsperre commented 1 week ago

@analytophile The requests have been sent for your approval. Thanks again!