pack bootstrap workflow

[cognifloyd]

OK. I reviewed the various scripts (like exchange-bootstrap.sh) and #7 to create the general outline of some workflows we could use to create and configure new exchange packs.

overall process:

1. new pack Incubator PR
2. review, make changes, and repeat until a TSC member approves the Incubator PR (DO NOT MERGE IT)
3. TSC member: add comment !bootstrap pack on the Incubator PR
4. GHA runs Bootstrap Pack from PR workflow
5. Review the GHA-created PR on the bootstrapped pack repo (all checks should already be passing since they have to pass here)
6. On bootstrapped pack repo, merge the initial content PR
7. ~On Incubator PR, add comment !add pack maintainers ... (format/contents of ... TBD)~
8. ~GHA runs Add Pack Maintainers workflow~
9. Double check that the pack is present on the index. If not manually dispatch an index update workflow (or wait)
10. All done. Pack is now published on the exchange and pack repo metadata & permissions are configured.

edit: steps 7 and 8 are out-of-scope for this PR. Looks like that will be "have a senior maintainer setup the groups and user access".

We might be able to use PR labels to trigger this instead of issue comments. For now, I've just used a chatops-esque issue comment.

This will require a PAT that gives admin access to the exchange (permissions: repo, admin:org). ~We will probably need a separate bot account for that since stackstorm-neptr does not have admin access any more. That bot account will probably also need an ssh key that it can use the key to push and pull.~

The PAT ~and ssh private key~ only needs to be available in the secrets for this one repo. So, this should not be a significant maintenance burden; unlike how we created one PAT for each pack repo for use in CircleCI, which was a nightmare, this should require minimal maintenance.

[cognifloyd]

Depends on https://github.com/StackStorm-Exchange/ci/pull/133

[arm4b]

I really like the ideas and process described, which will help a lot in maintaining the Exchange in an automated way. I'd think about add pack maintainers less priority effort and maybe having more edge cases. Perhaps creating it in another PR would be better? !bootstrap pack would be awesome :100:

Thanks for the research!

[arm4b]

After thinking more about this, adding additional users as maintainers via Github comments has many edge cases and I think would be more a security risk rather than helpful.

However, adding the initial contributor as a pack maintainer automatically, as part of the Bootstrap Pack workflow would be perfectly nice.

[CLAassistant]

All committers have signed the CLA.

[cognifloyd]

This is logically complete, but now I need to figure out how to test https://github.com/StackStorm-Exchange/ci/pull/133 and this. It'll probably involve playing around in another org. Hmm.

[cognifloyd]

There we have it. This workflow is now complete. Once https://github.com/StackStorm-Exchange/ci/pull/133 is merged, this can be merged.

Check out my final test run here: https://github.com/st2sandbox/exchange-incubator/runs/6501905579?check_suite_focus=true Which created this test pack: https://github.com/st2sandbox/pack-reviewboard/pull/1 And these comments:

• !bootstrap pack: https://github.com/st2sandbox/exchange-incubator/pull/1#issuecomment-1131253710
• bot reply to say WIP: https://github.com/st2sandbox/exchange-incubator/pull/1#issuecomment-1131254135
• bot reply to say done: https://github.com/st2sandbox/exchange-incubator/pull/1#issuecomment-1131254824

I slightly cleaned up the comments after that test run.

[cognifloyd]

The secrets are ready on this repo. So, once this is merged, we'll be able to use it.