Create an account just for token creation

[maelle]

as mentioned by @assignUser https://github.com/ropensci-review-tools/pkgcheck/issues/123#issue-1109573181

Advantages

• no access to other repos
• if using an address like accounts+reviewtools@ropensci.org and well named tokens, several people would be notified of tokens needing to be renewed.

[mpadge]

This gained a boost in importance this week, with the discovery that GitHub must have somehow changed their token handling. Up until now, the main token shared between pkgcheck and pkgcheck-action (called "RRT_TOKEN") was a simple repo-level token that could be created by anyone with admin access, yet did not need to be a personal token. That recently stopped working, and the use of the token here: https://github.com/ropensci-review-tools/pkgcheck/blob/86bb65490969a76bf4bfd1ca92a7247ca9d27768/.github/workflows/docker.yaml#L50-L54 now only works with a personal token copied over to the equivalent token values here and in pkgcheck-action. I'll update the docs straight away to indicate this. The process will then definitely be easier and more robust if we had an account for token creation.

[maelle]

why not use ropenscibot then?

[mpadge]

Yep, my thought too. We would then need to ensure that at least one person with admin there was also watching notifications from pkgcheck.

[maelle]

what sort of notifications would be relevant? the token expiration?

[mpadge]

Yes. Technically they'd just have to watch whatever issue was given here: https://github.com/ropensci-review-tools/pkgcheck/blob/0728387cf316b51129aea3f73f156eb620144dc7/.github/workflows/monthly.yaml#L26 which is where the token expiration notifications come. Shall we set that up then?

[mpadge]

Description of tokens added in this ropensci-review-tools commit, including a section on "Assigning 'RRT_TOKEN' updates to a different person." Maybe that's actually sufficient for now? What do you think @maelle @assignUser :question:

Rendered section on tokens is here, with description of maintance-handover here.