[Tracking/Request] Create GitHub PAT to use with Flux - Githubissues

cncf-tags / green-reviews-tooling

Project Repository for the WG Green Reviews which is part of the CNCF TAG Environmental Sustainability

https://github.com/cncf/tag-env-sustainability/tree/main/working-groups/green-reviews

Apache License 2.0

25 stars 14 forks source link

[Tracking/Request] Create GitHub PAT to use with Flux #7

Closed nikimanoledaki closed 4 months ago

nikimanoledaki commented 11 months ago

Unblocks https://github.com/cncf-tags/green-reviews-tooling/issues/5

We want to use Flux as part of our GitOps approach to deploying the applications in the cluster that we are setting up for the sustainability assessments.

We would like to request a GitHub PAT from the cncf-tags org, please

The Flux docs specify the requirements for the GitHub PAT for an Organization here - the docs recommend creating a bot account:

If you want to bootstrap Flux for a repository owned by an GitHub organization, it is recommended to create a dedicated user for Flux under your organization.

Generate a GitHub PAT for the Flux user that can create repositories by checking all permissions under repo.

If you want to use an existing repository, the Flux user must have admin permissions for that repository.

We can use a fine-grained PAT since they are more secure than classic PATs.

leonardpahlke commented 11 months ago

fyi @RobertKielty issue to coordinate

RobertKielty commented 11 months ago

Hi @nikimanoledaki and @leonardpahlke

I've created a fine-grained token, wg-green-review-flux that grants the following access to the cncf-tags/green-reviews-tooling repo:

Repository permissions

Read access to metadata
Read and Write access to administration and code

I've shared the token with @leonardpahlke

leonardpahlke commented 11 months ago

Thanks @RobertKielty !

nikimanoledaki commented 11 months ago

Thank you @RobertKielty!

We'll be able to close this once we test the PAT as part of https://github.com/cncf-tags/green-reviews-tooling/issues/5 👍

AntonioDiTuri commented 11 months ago

I tested this and it works! I think we can close this issue! Thanks everybody

nikimanoledaki commented 11 months ago

Wonderful, thank you for testing, @AntonioDiTuri! 🎉

rossf7 commented 4 months ago

Reopening as for #99 we have a new workflow that we'd like to trigger via the REST API using workflow_dispatch

https://github.com/cncf-tags/green-reviews-tooling/blob/main/.github/workflows/benchmark-pipeline.yaml

For that we need a new fine grained token with the permissions below.

"Actions" repository permissions (write)

@RobertKielty could you help us with this?

cc @leonardpahlke @nikimanoledaki @AntonioDiTuri

RobertKielty commented 4 months ago

Done. Shared with @leonardpahlke. This PAT Expires on Nov 29th as does the original one on this request.

rossf7 commented 4 months ago

Thank you @RobertKielty for the quick turnaround. Much appreciated!

rossf7 commented 4 months ago

Token is added as a secret and being used successfully here 🎉 https://github.com/cncf-tags/green-reviews-tooling/actions/runs/9681217682

I'll add a reminder for the token expiry