Closed legoktm closed 1 year ago
Token has been created, so this is ready for review. I will also kick off a test job tomorrow to make sure the token is read properly.
I pushed https://github.com/freedomofpress/securedrop-builder/commit/50ea9e47a81a1c4d9b00b8c8e07aeab5644fc960 to force run the issue creation script, but it failed with:
HTTP 401: Personal access tokens with fine grained access do not support the GraphQL API (https://api.github.com/graphql)
Try authenticating with: gh auth login
Per https://github.com/community/community/discussions/36441 this is a known limitation, I've asked infra if we can switch to a classic token for now.
The new classic token works! It created https://github.com/freedomofpress/securedrop/issues/6730.
CI will now create a new issue (or update an existing one) whenever it fetches new Tor packages. This is something that I have been doing manually for a while now whenever I see a new Tor release announcement.
The generated issue contains the checklist as well as the diff of the new debs so you can see the version and checksums of the packages. An example issue (with the wrong patch) is https://github.com/freedomofpress/securedrop/issues/6723.
Some potential future improvements that I deferred for now is to include the version number in the issue title, and the correct Tor Project forum link.
The script wraps around the official
gh
CLI tool, it needs a GITHUB_TOKEN to be set in the environment to work properly.gh
is only available in bullseye-backports, so I had to adjust the image so it would be installable.Of course, if this works out well, I'd like to expand this to other things like kernel and dependency updates.