Access token for automating official-images PRs

[cap10morgan]

@Quantisan I found an action that should allow us to automate creating the docker-library/official-images pull requests on successful master CI runs: https://github.com/marketplace/actions/pull-request-another-repository

...but it needs a personal access token created. I don't have permission to do that (I don't think), so would you be able to and then add it to this repo as a secret?

According to that action's docs:

You must select the scopes: 'repo = Full control of private repositories', 'admin:org = read:org' and 'write:discussion = Read:discussion';

Thanks!

[Quantisan]

I added a API_TOKEN_GITHUB to this repo with a fine-grained access token to this particular repo with full read-write access. Let me know if this works or not and I can update accordingly.

[Quantisan]

[cap10morgan]

Thanks @Quantisan! Does #197 look OK to you?

[cap10morgan]

@Quantisan I think we're just about good to go here! The token you created needs permission to push a branch to your Quantisan/official-images fork and to open a pull request upstream from there (not sure if that's a separate permission or not). Would you mind adding those?

[Quantisan]

@Quantisan I think we're just about good to go here! The token you created needs permission to push a branch to your Quantisan/official-images fork and to open a pull request upstream from there (not sure if that's a separate permission or not). Would you mind adding those?

I updated the secret token. Give it a try?

[Quantisan]

one thing to note is that the token max expiration is 1 year. I have a calendar reminder to refresh it, but FYI.

[cap10morgan]

@Quantisan I think we're just about good to go here! The token you created needs permission to push a branch to your Quantisan/official-images fork and to open a pull request upstream from there (not sure if that's a separate permission or not). Would you mind adding those?

I updated the secret token. Give it a try?

Will do, thanks!

[cap10morgan]

@Quantisan after fixing a few bugs it got pretty far! It pushed to the branch in your fork but when it tried to create the pull request it got this error:

Resource not accessible by personal access token

So I guess there is still an "open pull request" or similar permission that the token needs on your official-images fork repo.

[Quantisan]

strange. I gave it full access. I'm suspecting it's because I'm using the fine-grained token and only gave full access to our 2 repos. Whereas this PR is attempting to create a PR on an upstream repo. Maybe that's why?

In any case, I replaced the env var with a classic token with full access to all of my private repos. @cap10morgan

[cap10morgan]

@Quantisan it worked, thanks! I'm going to let the docker-library folks know what's going on and see if they'd like me to tweak anything w/ this. And of course, let me know if you see anything you'd like me to change.

Here's the PR: https://github.com/docker-library/official-images/pull/14454