search

celestiaorg / celestia-app

Celestia consensus node
https://celestiaorg.github.io/celestia-app/
Apache License 2.0
345 stars 285 forks source link

Investigate why v2.3.0 release attributed to rootulp #3987

Open rootulp opened 5 days ago

rootulp commented 5 days ago

Context

@evan-forbes created and pushed the git tag v2.3.0.

Problem

https://github.com/celestiaorg/celestia-app/releases/tag/v2.3.0 is attributed to me

Proposal

Investigate why Github thinks I created this release. I think GoReleaser recognized the git tag and then created the release but it shouldn't be labeling me as the release creator.

rootulp commented 5 days ago

GH action: https://github.com/celestiaorg/celestia-app/actions/runs/11374251446/job/31642619985

GoReleaser did recognize the git tag and created the release but unclear why it was attributed to me. There is no GoReleaser config to modify the release creator / attribution.

Created a Discord question about it: https://discord.com/channels/890434333251362866/1296531338307833938

rootulp commented 4 days ago

Update: response on Discord

Are you using a personal access token? If so, the owner of that token will be the author of the release

It's likely that celestia-app repo is using a personal access token from me so I'm asking how we can change the token or behavior so that releases aren't attributed to me.

Relevant docs:

Screenshot

Screenshot 2024-10-18 at 10 47 09 AM

rootulp commented 1 day ago

We may be able to use the token that Github generates per workflow run: secrets.GITHUB_TOKEN. We need to give that token contents:write.

We likely want to test this change on a fork before we do it on this repo because the existing GORELEASER_ACCESS_TOKEN may have another permission that is necessary.