Closed maxux closed 8 months ago
After investigation, this mapping should works. I'm working on it. I created a new dedicated threebot account to manage legacy repositories. I'm testing implementation to ensure we can manage the multiple repositories from a single token account.
Porting https://github.com/threefoldtech/0-hub-gw to support new token
Updating production hub to support virtual users now
Updating https://github.com/threefoldtech/0-flist/blob/development-v2/.github/workflows/zflist-publish to smoothly supports new token without massive changes for end user
Everything is updated, first productions tests seems okay, will open new issue if needed.
Since the beginning, we rely on
itsyou.online
for GitHub Actions tokens because this authentication methods supports multiple accounts being controlled from a single token, with approved authorizationitsyou.online
backend side. One main feature that we use a lot from that is the ability to do actions on behalf someone else authorized.Using threefold token (3bot token), you can only do action for your own account and can't authorize delegation.
All of that working fine so far... until latest Actions builds...
Well...
itsyou.online
is deprecated for months (if not years) now... so we need to have an alternative, we can't continue rely on this dead webservice.Right now, usage of
threefold token
assume that accounts ends with.3bot
so virtual accounts liketf-zos
can't link out-of-box to a3bot account
.In order to supports
threefold tokens
as authorized tokens for theses virtual users and to apply minimal changes to the hub to avoid introducing some new untested concepts, I suggest this:This would enable
GitHub Actions
to use new tokens implementation and discarditsyou.online
without the need of renaming current users and creating lot of new 3bot accounts.I need to double check if nothing else is required and if this could covers all API endpoints to be sure we don't miss something.