Closed cognifloyd closed 2 years ago
I really like the ideas and process described, which will help a lot in maintaining the Exchange in an automated way.
I'd think about `add pack maintainers` as a less priority effort and maybe having more edge cases. Perhaps creating it in another PR would be better?
`!bootstrap pack` would be awesome :100:
Thanks for the research!
After thinking more about this, adding additional users as maintainers via GitHub comments has many edge cases and I think would be more of a security risk than helpful.
However, adding the initial contributor as a pack maintainer automatically, as part of the Bootstrap Pack workflow would be perfectly nice.
This is logically complete, but now I need to figure out how to test https://github.com/StackStorm-Exchange/ci/pull/133 and this. It'll probably involve playing around in another org. Hmm.
There we have it. This workflow is now complete. Once https://github.com/StackStorm-Exchange/ci/pull/133 is merged, this can be merged.
Check out my final test run here: https://github.com/st2sandbox/exchange-incubator/runs/6501905579?check_suite_focus=true
Which created this test pack: https://github.com/st2sandbox/pack-reviewboard/pull/1
And these comments:
`!bootstrap pack`: https://github.com/st2sandbox/exchange-incubator/pull/1#issuecomment-1131253710
I slightly cleaned up the comments after that test run.
The secrets are ready on this repo. So, once this is merged, we'll be able to use it.
OK. I reviewed the various scripts (like exchange-bootstrap.sh) and #7 to create the general outline of some workflows we could use to create and configure new exchange packs.
overall process:
`!bootstrap pack` on the Incubator PR
`Bootstrap Pack from PR` workflow
~`!add pack maintainers ...` (format/contents of `...` TBD)~
~`Add Pack Maintainers` workflow~
edit: steps 7 and 8 are out-of-scope for this PR. Looks like that will be "have a senior maintainer setup the groups and user access".
We might be able to use PR labels to trigger this instead of issue comments. For now, I've just used a chatops-esque issue comment.
This will require a PAT that gives admin access to the exchange (permissions: `repo`, `admin:org`). ~We will probably need a separate bot account for that since stackstorm-neptr does not have admin access any more. That bot account will probably also need an ssh key that it can use to push and pull.~
The PAT ~and ssh private key~ only needs to be available in the secrets for this one repo. So, this should not be a significant maintenance burden; unlike how we created one PAT for each pack repo for use in CircleCI, which was a nightmare, this should require minimal maintenance.
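
An added example, not code from this PR or from the StackStorm-Exchange workflows: because the `!bootstrap pack` comment triggers a workflow that holds an admin-scoped PAT, this sketch shows one way to decide from the `issue_comment` event payload whether a comment may run it. The trusted-association set, the function names and the sample payloads are assumptions made for illustration.

```python
import json

COMMAND = "!bootstrap pack"
# Assumption: only these author_association values may trigger the admin-PAT workflow.
TRUSTED_ASSOCIATIONS = {"OWNER", "MEMBER"}


def should_bootstrap(event):
    """Return (allowed, reason) for a GitHub issue_comment webhook payload."""
    if event.get("action") != "created":
        return False, "only newly created comments are considered"
    issue = event.get("issue") or {}
    comment = event.get("comment") or {}
    # issue_comment also fires for plain issues; PRs carry a pull_request key.
    if "pull_request" not in issue:
        return False, "comment is not on a pull request"
    if issue.get("state") != "open":
        return False, "pull request is not open"
    # Require the command alone on the first line, so quoted replies or
    # prose that merely mentions the command do not trigger it.
    lines = (comment.get("body") or "").splitlines()
    if not lines or lines[0].strip() != COMMAND:
        return False, "comment is not the bootstrap command"
    if comment.get("author_association") not in TRUSTED_ASSOCIATIONS:
        return False, "commenter is not an org owner or member"
    return True, "ok"


def make_event(body, association, on_pr=True, action="created"):
    """Build a constructed (not captured) minimal issue_comment payload."""
    issue = {"number": 1, "state": "open"}
    if on_pr:
        issue["pull_request"] = {"url": "https://api.github.invalid/pulls/1"}
    return {"action": action, "issue": issue,
            "comment": {"body": body, "author_association": association}}


if __name__ == "__main__":
    for ev in (make_event("!bootstrap pack", "MEMBER"),
               make_event("!bootstrap pack", "CONTRIBUTOR"),
               make_event("> !bootstrap pack\nwould be awesome", "MEMBER"),
               make_event("!bootstrap pack", "OWNER", on_pr=False)):
        print(json.dumps(should_bootstrap(ev)))
```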