search

senzing-factory / build-resources

Collection of utilities to aid with build process
Apache License 2.0
1 stars 1 forks source link

Add project token to org #22

Closed kernelsam closed 1 year ago

kernelsam commented 1 year ago

To be used by #16, needs to be set in the called workflow as well as the caller workflow.

This is currently set to the existing token used for linking classic projects which does not have the correct permissions, see output.

This action is being taken in conjunction with #15 as tokens should always have the minimum level of permissions required to run the respective workflow.

Create a fine-grained personal access token - the account needs to have access to the respective project(s) and repository(s).

  1. In the upper-right corner of any page, click your profile photo, then click Settings.
  2. In the left sidebar, click Developer settings.
  3. In the left sidebar, under Personal access tokens, select Tokens (classic).
  4. Click Generate new token.
  5. Under Note, enter a name for the token: SENZING_GITHUB_PROJECT_RW_TOKEN.
  6. Under Expiration, select an expiration for the token.
  7. Under Select scopes select the following:
    • ☑️ project
      • ☑️ read:project
  8. Click Generate token.
  9. Copy the new token as it will only be viewable once and we will use it in Step 2 below.
  10. Add the newly generated token in step 1 as an organization secret for Dependabot

Note: To create secrets at the organization level, you must have admin access.

  1. On GitHub.com, navigate to the main page of the organization.
  2. Under your organization name, click Settings. If you cannot see the Settings tab, select the dropdown menu, then click Settings.
  3. In the Security section of the sidebar, select * Secrets and variables, then click Dependabot.
  4. Click New organization secret.
  5. In the Name input box type: SENZING_GITHUB_PROJECT_RW_TOKEN.
  6. Input the token generated above into the text box.
  7. From the Repository access dropdown list, choose Selected repositories.
  8. Under the Selected repositories dropdown, select the following:
    • build-resources
  9. Click Add secret.
  10. In the Security section of the sidebar, select * Secrets and variables, then click Actions.
  11. Click New organization secret.
  12. In the Name input box type: SENZING_GITHUB_PROJECT_RW_TOKEN.
  13. Input the token generated above into the text box.
  14. From the Repository access dropdown list, choose Selected repositories.
  15. Under the Selected repositories dropdown, select the following:
    • build-resources
  16. Click Add secret.
docktermj commented 1 year ago

@kernelsam Done, but had to use some instructions from https://github.com/Senzing/build-resources/issues/6.

Also, after an instruction like:

In the Name input box type: CODEOWNER_PR_RW_TOKEN.

there needs to be in instruction to put the value of the token into the text box.

kernelsam commented 1 year ago

@docktermj I updated the description in #6 as well as this issue with instructions for inputing the token in the text box. What instructions did you need to use from #6?

kernelsam commented 1 year ago

Moving back to in progress. This is missing in the actions secrets. From above description:

In the Security section of the sidebar, select * Secrets and variables, then click Actions. Click New organization secret. In the Name input box type: PROJECT_RW_TOKEN. Input the token generated above into the text box. From the Repository access dropdown list, choose Selected repositories. Under the Selected repositories dropdown, select the following: build-resources Click Add secret.

kernelsam commented 1 year ago

@docktermj per discussion I have updated the token name in the description of this issue to SENZING_GITHUB_PROJECT_RW_TOKEN.