StackStorm-Exchange / ci

Various scripts and utilities for StackStorm Exchange CI pipeline.

Improve usability of PAT regen script #107

Closed cognifloyd closed 3 years ago

cognifloyd commented 3 years ago

Improve the output while running the script. Do not request the GitHub password as it is no longer needed.

blag commented 3 years ago

The "established processes" don't work anymore because GitHub disabled basic authentication with account passwords. You can still use basic auth, but you have to use a PAT as the password. And PATs have scopes applied to them, so they are intentionally limited and restricted from doing certain things - like adding more PATs.

I believe GitHub's intent is to force a "human in the loop" when it comes to generating PATs. Luckily GitHub has made it easier to autofill the PAT name and check different PAT scopes, so we open a URL with HTTP GET parameters and GitHub autofills the rest for us.

So, as I have recently been that "human in the loop" for 80+ packs, the user flow is this:

  1. Open a private/incognito browser window and sign in as stackstorm-neptr (the private/incognito mode is to separate it from my normal browser window, where I am logged into it with my @blag account).
  2. Browse to the account settings > Developer Settings > Personal Access Tokens.
  3. Put in the stackstorm-neptr password again to activate GitHub's "sudo mode".
  4. Run the script:
    USERNAME=stackstorm-neptr CIRCLECI_TOKEN=... ./tools/reset_github_user_token_and_update_circleci.sh pack1 pack2 pack3 pack4
  5. The script prints out what it's doing, and opens a new private/incognito tab to the generate PAT page on GitHub.
  6. The PAT name is already filled in, and the public_repo scope is already checked, so all I have to do is scroll down and click the "Generate Token" button.
  7. Copy the PAT contents/value and paste it into my terminal where the script is running (the script securely reads the PAT like a password, so it's not printed when it is pasted).
  8. The script takes the PAT and sets the MACHINE_PASSWORD environment variable value to the PAT contents for the pack's CircleCI project (this takes a few seconds, which quickly adds up when you're trying to get through 80+ packs at once).
  9. The script goes back to step 5 until all packs are processed.

It's an alright solution. It's not great, I would rather have this completely automated, especially because PATs expire after one year of "non use", but it's a lot easier and more accurate than filling in those fields and checking those boxes by hand.

All of the hacks in this script are working around quirks in GitHub, CircleCI, or Bash. I've tried to document them where I can. It's not perfect, but it's a drastic improvement over having to do all of this manually.

Hopefully, with the other changes @cognifloyd has made, we won't need to constantly refresh tokens every weekend.
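The nine-step flow described in the comment above, as an added example written for this page (it is not the StackStorm-Exchange/ci `reset_github_user_token_and_update_circleci.sh` script, and it is POSIX sh rather than the project's bash). It builds the prefilled GitHub "new token" URL, reads the pasted PAT without echoing it, and adds one check a practitioner would want before storing the token in CI: it asks GitHub which scopes the new token actually carries and refuses anything other than the requested set, so an over-privileged PAT never lands in a CircleCI project. Assumptions not stated in the thread: the `description`/`scopes` query parameters on `https://github.com/settings/tokens/new`, the `X-OAuth-Scopes` response header (classic PATs only; fine-grained tokens do not report it this way), CircleCI API v2's `POST /project/gh/<org>/<repo>/envvar` endpoint, the `Circle-Token` header, and the `stackstorm-<pack>` repository naming. The `ORG`, `ENVVAR` and `SCOPES` variables and all function names are this example's own.

```shell
#!/bin/sh
# Added example, not the StackStorm-Exchange/ci script: a minimal POSIX-sh
# version of the "human in the loop" PAT rotation flow.
# Assumptions (not from the thread; verify against current docs):
#  - https://github.com/settings/tokens/new accepts `description` and `scopes`
#    query parameters to prefill the form;
#  - GitHub reports a classic token's scopes in the X-OAuth-Scopes header;
#  - CircleCI API v2: POST /project/gh/<org>/<repo>/envvar, Circle-Token header,
#    JSON body {"name":..., "value":...};
#  - Exchange repos are named StackStorm-Exchange/stackstorm-<pack>.
set -eu

ORG=${ORG:-StackStorm-Exchange}
ENVVAR=${ENVVAR:-MACHINE_PASSWORD}
SCOPES=${SCOPES:-public_repo}

# Percent-encode one string for a URL query value (RFC 3986 unreserved chars kept).
urlencode() {
  s=$1; out=""
  while [ -n "$s" ]; do
    c=${s%"${s#?}"}; s=${s#?}          # peel off the first character
    case $c in
      [A-Za-z0-9._~-]) out="$out$c" ;;
      *) out="$out$(printf '%%%02X' "'$c")" ;;
    esac
  done
  printf '%s' "$out"
}

# URL of GitHub's "new token" page with the name and scopes prefilled, so the
# human only has to scroll down and click "Generate token".
github_new_pat_url() {
  printf 'https://github.com/settings/tokens/new?description=%s&scopes=%s' \
    "$(urlencode "$1")" "$(urlencode "$2")"
}

# Print the scope list from raw HTTP response headers on stdin (X-OAuth-Scopes);
# prints nothing if the header is absent.
scopes_from_headers() {
  tr -d '\r' | awk 'tolower($1)=="x-oauth-scopes:" { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Succeed only if the token's scopes are exactly the requested set
# (order- and whitespace-insensitive); an empty list never matches.
scopes_match() {
  got=$(printf '%s' "$1" | tr -d ' ' | tr ',' '\n' | sort | tr '\n' ',')
  want=$(printf '%s' "$2" | tr -d ' ' | tr ',' '\n' | sort | tr '\n' ',')
  [ "$got" = "$want" ]
}

# JSON body for CircleCI's envvar endpoint; backslashes and quotes escaped.
circleci_envvar_body() {
  v=$(printf '%s' "$2" | sed 's/\\/\\\\/g; s/"/\\"/g')
  printf '{"name":"%s","value":"%s"}' "$1" "$v"
}

# Open a URL in a private window where the browser supports it, else the OS opener.
open_private() {
  if command -v firefox >/dev/null 2>&1; then firefox --private-window "$1" &
  elif command -v google-chrome >/dev/null 2>&1; then google-chrome --incognito "$1" &
  elif command -v xdg-open >/dev/null 2>&1; then xdg-open "$1"
  else open "$1"; fi                    # macOS fallback
}

# Read the pasted PAT without echoing it to the terminal.
read_pat() {
  printf 'Paste the new PAT and press Enter: ' >&2
  stty -echo; read -r pat; stty echo; printf '\n' >&2
  printf '%s' "$pat"
}

# Rotate one pack: the human generates the token, we verify its scopes and store it.
rotate_pack() {
  pack=$1; repo="stackstorm-$pack"
  user=${USERNAME:?USERNAME (the GitHub machine user) must be set}
  open_private "$(github_new_pat_url "CircleCI $user: $ORG/$repo" "$SCOPES")"
  pat=$(read_pat)
  scopes=$(curl -sS -I -H "Authorization: token $pat" https://api.github.com/user | scopes_from_headers)
  scopes_match "$scopes" "$SCOPES" || { echo "refusing: token scopes '$scopes' != '$SCOPES'" >&2; return 1; }
  curl -sSf -X POST -H "Circle-Token: $CIRCLECI_TOKEN" -H 'Content-Type: application/json' \
    -d "$(circleci_envvar_body "$ENVVAR" "$pat")" \
    "https://circleci.com/api/v2/project/gh/$ORG/$repo/envvar" >/dev/null
  echo "updated $ENVVAR on gh/$ORG/$repo" >&2
}

# Usage: USERNAME=stackstorm-neptr CIRCLECI_TOKEN=... ./rotate_pat.sh pack1 pack2
# The network flow only runs when packs are given and a CircleCI token is set.
if [ "$#" -gt 0 ] && [ -n "${CIRCLECI_TOKEN:-}" ]; then
  for p in "$@"; do rotate_pack "$p"; done
fi
```

The scope check is the part worth keeping even if the rest is replaced: a PAT pasted from a browser tab is whatever the human clicked, and the only cheap way to confirm it is really `public_repo` and nothing more is to ask the API before the value is written into CI.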

cognifloyd commented 3 years ago

There we go, @blag and I added ~50 lines of browser detection logic for Mac + Linux. It should be a bit more generic now if others want to use it.

arm4b commented 3 years ago

So the GitHub behavior has changed significantly. That makes sense, thanks for more info! :+1: If a 3rd Maintainer comes to a PR and the context is hidden that much, it's a sign of a problem. We sometimes work in pairs, but it shouldn't result in something like https://github.com/StackStorm/st2-auth-ldap/pull/83.

I understand a lot of work was done via private conversations and I'd encourage collaborating on the operational things in public channels like #exchange (following #releasemgmt practices) as well as keeping GitHub Issues and PRs better documented for the history and keeping up with the existing level of quality.

Every piece of code here is designed to make every Maintainer use it and I know @nmaludy is also involved in the Exchange maintenance work. Any TSC member or newcomer should be able to navigate through this without guessing if the script was ever finished.

arm4b commented 3 years ago

This also should be helpful to mention here as an example:

cognifloyd commented 3 years ago

I added a header comment with usage instructions / historical note on why it is opening a browser window. Plus, I dropped the no-scope token generation.

cognifloyd commented 3 years ago

I think all raised issues have been resolved. Please merge.