nodejs / admin

Administrative space for policies of the TSC

API Token HackerOne #796

Closed RafaelGSS closed 1 year ago

RafaelGSS commented 1 year ago

I'm working on automation for security release and was planning to use the H1 API to collect all the reports (triaged) and automatically include them in the "Next security release" issue.
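
As an added example (not code from node-core-utils, nodejs/admin or any of the commenters), this is the shape the collection step could take: build the HackerOne reports request with a read-only token and the triaged filter, then turn the JSON:API payload into checklist lines for the issue. It assumes HackerOne's REST API v1 (GET /v1/reports with filter[program][] and filter[state][] parameters, HTTP Basic auth with the API identifier as user name and the token as password); the program handle "nodejs" and the sample payload are placeholders constructed for the example.

```javascript
// Added example, not project code. Assumes the HackerOne REST API v1 as
// described in the lead-in; program handle and sample data are placeholders.

const H1_API = 'https://api.hackerone.com/v1/reports';

// Build the request for triaged reports of one program. The token is only
// ever placed in the Authorization header, never in the URL or in logs.
function buildTriagedReportsRequest(program, identifier, token, pageSize = 100) {
  const url = new URL(H1_API);
  url.searchParams.append('filter[program][]', program);
  url.searchParams.append('filter[state][]', 'triaged');
  url.searchParams.append('page[size]', String(pageSize));
  const basic = Buffer.from(`${identifier}:${token}`).toString('base64');
  return {
    url: url.toString(),
    headers: { Accept: 'application/json', Authorization: `Basic ${basic}` },
  };
}

// Convert a JSON:API reports payload into checklist lines for the
// "Next security release" issue. The state check is defensive: the
// server-side filter should already restrict the result to triaged reports.
function reportsToChecklist(payload) {
  return payload.data
    .filter((r) => r.type === 'report' && r.attributes.state === 'triaged')
    .map((r) =>
      `- [ ] https://hackerone.com/reports/${r.id} ${r.attributes.title} ` +
      `(${r.attributes.created_at.slice(0, 10)})`);
}

// Constructed sample payload shaped like an H1 v1 reports response.
// These are not real reports.
const SAMPLE_PAYLOAD = {
  data: [
    { id: '1234567', type: 'report',
      attributes: { title: 'Sample triaged report A', state: 'triaged',
                    created_at: '2023-03-01T12:00:00.000Z' } },
    { id: '1234568', type: 'report',
      attributes: { title: 'Sample report still new', state: 'new',
                    created_at: '2023-03-02T12:00:00.000Z' } },
  ],
  links: {},
};

// Live variant: reads the token from the environment (placeholder names),
// so it is never committed alongside the automation. Requires Node 18+ fetch.
async function fetchTriagedReports(program) {
  const identifier = process.env.H1_API_IDENTIFIER;
  const token = process.env.H1_API_TOKEN;
  if (!identifier || !token) throw new Error('H1 credentials not set');
  const req = buildTriagedReportsRequest(program, identifier, token);
  const res = await fetch(req.url, { headers: req.headers });
  if (!res.ok) throw new Error(`HackerOne API returned ${res.status}`);
  return reportsToChecklist(await res.json());
}

// Offline demonstration on the constructed payload.
console.log(reportsToChecklist(SAMPLE_PAYLOAD).join('\n'));
```

Because the token grants read access to every report in the program, the example keeps it out of the URL and out of any printed output; wherever the token ends up living (a releaser's ncu-ci config or a workflow secret), the automation itself never needs to persist it.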

mhdawson commented 1 year ago

+1 from me. Where would the API key go? A github workflow in nodejs-private/node-private or somewhere else?

RafaelGSS commented 1 year ago

I don't know yet. Probably in the releaser machine. We'll set it with: ncu-ci set h1_token TOKEN. So, we'll need one for each releaser I guess. It should be read-only access.

mhdawson commented 1 year ago

Since the token will expose all of our H1 reports we do need to think through carefully where tokens will live. Is it something that each releaser needs to run or would an action in nodejs-private work?

richardlau commented 1 year ago

@RafaelGSS is the automation (or this part of the automation) intended for the releasers or the release stewards (or both?)?

RafaelGSS commented 1 year ago

> Since the token will expose all of our H1 reports we do need to think through carefully where tokens will live. Is it something that each releaser needs to run or would an action in nodejs-private work?

For now, it's something that each release steward would need to run. But, I'm pretty sure we'll be able to do it via action. I need the token to play with it and see how feasible it is.

> @RafaelGSS is the automation (or this part of the automation) intended for the releasers or the release stewards (or both?)?

This part is intended for the release stewards. But, once it's everything automated a releaser can do both.

RafaelGSS commented 1 year ago

I have admin access now.