Quantisan / docker-clojure

Official Docker image for Clojure
https://hub.docker.com/_/clojure/
MIT License
204 stars 34 forks source link

Access token for automating official-images PRs #196

Closed cap10morgan closed 1 year ago

cap10morgan commented 1 year ago

@Quantisan I found an action that should allow us to automate creating the docker-library/official-images pull requests on successful master CI runs: https://github.com/marketplace/actions/pull-request-another-repository

...but it needs a personal access token created. I don't have permission to do that (I don't think), so would you be able to and then add it to this repo as a secret?

According to that action's docs:

You must select the scopes: 'repo = Full control of private repositories', 'admin:org = read:org' and 'write:discussion = Read:discussion';

Thanks!

Quantisan commented 1 year ago

I added a API_TOKEN_GITHUB to this repo with a fine-grained access token to this particular repo with full read-write access. Let me know if this works or not and I can update accordingly.

Quantisan commented 1 year ago
Screenshot 2023-04-06 at 15 38 16
cap10morgan commented 1 year ago

Thanks @Quantisan! Does #197 look OK to you?

cap10morgan commented 1 year ago

@Quantisan I think we're just about good to go here! The token you created needs permission to push a branch to your Quantisan/official-images fork and to open a pull request upstream from there (not sure if that's a separate permission or not). Would you mind adding those?

Quantisan commented 1 year ago

@Quantisan I think we're just about good to go here! The token you created needs permission to push a branch to your Quantisan/official-images fork and to open a pull request upstream from there (not sure if that's a separate permission or not). Would you mind adding those?

I updated the secret token. Give it a try?

Quantisan commented 1 year ago

one thing to note is that the token max expiration is 1 year. I have a calendar reminder to refresh it, but FYI.

cap10morgan commented 1 year ago

@Quantisan I think we're just about good to go here! The token you created needs permission to push a branch to your Quantisan/official-images fork and to open a pull request upstream from there (not sure if that's a separate permission or not). Would you mind adding those?

I updated the secret token. Give it a try?

Will do, thanks!

cap10morgan commented 1 year ago

@Quantisan after fixing a few bugs it got pretty far! It pushed to the branch in your fork but when it tried to create the pull request it got this error:

Resource not accessible by personal access token

So I guess there is still an "open pull request" or similar permission that the token needs on your official-images fork repo.

Quantisan commented 1 year ago

strange. I gave it full access. I'm suspecting it's because I'm using the fine-grained token and only gave full access to our 2 repos. Whereas this PR is attempting to create a PR on an upstream repo. Maybe that's why?

In any case, I replaced the env var with a classic token with full access to all of my private repos. @cap10morgan

cap10morgan commented 1 year ago

@Quantisan it worked, thanks! I'm going to let the docker-library folks know what's going on and see if they'd like me to tweak anything w/ this. And of course, let me know if you see anything you'd like me to change.

Here's the PR: https://github.com/docker-library/official-images/pull/14454