Delegated Compute Enhancements

[0x4007]

• update find grained PAT docs based on Fine-grained Personal Access Tokens.pdf
• directly read the conversation from github api from compute.yml instead of trying to pass it all in to the actions dispatch API.
  • If the source repo is private then makes sense to pass in everything. otherwise doens't make sense.
• fix the PAT situation we discussed at length.

[0x4007]

If we want to provide some ubiquity governance token incentive for partners to start using our bot to manage their repositories, how do you think we can securely implement this with a whitelist?

[0x4007]

@wannacfuture rfc

[whilefoo]

I think we should create another Github app for plugins that requests permission actions:write (for triggering workflow_dispatch) so that way we can invoke any plugin that has this app installed on the repository, instead of having a PAT which is created by a certain user so it means the user needs permissions on every plugin repo.

Having a PAT also won't work because the Github compute action won't be able to trigger a repository_dispatch event on other repositories without having explicit access, so I think it would be better to create repository_dispatch event on the plugin repository itself which will trigger our bot.

[ubiquibot[bot]]

# Issue was not closed as completed. Skipping.