search

openedx / openedx-webhooks

Webhooks for the Open edX GitHub and JIRA
http://openedx-webhooks.herokuapp.com/
Apache License 2.0
11 stars 20 forks source link

Figure out the future of the OSPR Bot #289

Open kdmccormick opened 2 years ago

kdmccormick commented 2 years ago

Decoupling questions

In light of the edX-tCRIL decoupling and increasing distribution of code ownership...

Who will depend on the bot, and for what?

Who will maintain the bot?

Where do bot-related issues go?

Other issues

Cataloging these here until we have a proper place for issues.

Personal access token vs App

Until recently, the OSPR bot was implemented as an OAuth App in GitHub. Because the openedx GitHub org is configured not to allow arbitrary OAuth Application access, we either needed to (i) do the legwork to make the OSPR bot an approved OAuth App, or (ii) change the bot to use a personal access token from the openedx-webhooks account, or (iii) change the openedx GitHub org to allow arbitrary OAuth application access.

We took approach (ii).

We have some concern that because this is not the "proper" way to integrate with GitHub (they technically have a one-user-account-per-human policy) that this may expose us to being rate-limited more aggressively than if it were a proper OAuth App or GitHub App (which, mind you, are different things). For now, we've decided to proceed with a personal access token, with Ned keeping an eye on the logs to see if we're approaching or hitting a rate limit.

In the future, though, it would probably be prudent to turn the OSPR bot into an approved GitHub App or OAuth App.

kdmccormick commented 2 years ago

@nedbat , @feanil , @Carlos-Muniz

sarina commented 2 years ago

https://github.com/openedx/tcril-engineering/issues/37

sarina commented 2 years ago

hahaha oh nevermind

jmakowski1123 commented 2 years ago

Target Q1/early Q2 for discovery work. Next step - write acceptance crit re: ?s stated above.