Open dsilvam opened 5 months ago
Ok folks, here's the plan. I spoke with Cloud Eng and they're good with the general approach.
dotcms-github-machine-user@dotcms.com
and store the credentials in KeeperWrite
access to the core repoKeep in mind that when we remove all existing PAT it will affect LTS as well
Keep in mind that when we remove all existing PAT it will affect LTS as well
Oh good point @erickgonzalez . So the existing ones would work till we nuked victors old PATs. But I should add that to the scope of this ticket.
As for making sure things keep working... What's the playbook to update the LTS pipelines? Are they just more places in the yaml on master
? Or do I have to go into a specific branch and put up a PR there?
- [x] Add the new machine user to our dotCMS github org
Note on this one that I just added to the org. I did not add to any existing group because none stood out as an obvious fit
We created new secrets in core repo
CI_MACHINE_USER
CI_MACHINE_TOKEN
All set... A few notes here
FYI @cobbg and @mbiuki
CI_MACHINE_TOKEN
value and voilà, but it's not automated so rotation will be manual at this point in timeGitHub Machine User
folder. All of the cloud engineering team has access to it. You can ask them for help if you need to get into the account for whatever reason.repo:status
, repo_deployment
, and public_repo
Writer
role to the core repo. Keep in mind that when we remove all existing PAT it will affect LTS as well
Oh good point @erickgonzalez . So the existing ones would work till we nuked victors old PATs. But I should add that to the scope of this ticket.
As for making sure things keep working... What's the playbook to update the LTS pipelines? Are they just more places in the yaml on
master
? Or do I have to go into a specific branch and put up a PR there?
I think @victoralfaro-dotcms is the one can answer this better
Also added secrets to plugin-seeds repo by slack request from @victoralfaro-dotcms and @dsilvam
NOTE
Used the same values for user and token as I did with core since it's for the same use
Request by @victoralfaro-dotcms to alos add the secret to the enterprise repo
Request by @victoralfaro-dotcms to alos add the secret to the enterprise repo
✅ Done
added workflow
permission to the existing token by @victoralfaro-dotcms's request
Parent Issue
No response
Task
There's a need for a new GH User to be used to run the different GH actions on the CICD pipeline. It will need a PAT with limited scope, including pushing to master. This one the
CICD_GITHUB_TOKEN
can go away.Proposed Objective
Core Features
Proposed Priority
Priority 2 - Important
Acceptance Criteria
CICD_GITHUB_TOKEN
is removedExternal Links... Slack Conversations, Support Tickets, Figma Designs, etc.
No response
Assumptions & Initiation Needs
No response
Quality Assurance Notes & Workarounds
No response
Sub-Tasks & Estimates
No response