add secrets to GitHub action #25

Closed
Trott opened this issue Jun 26, 2020 · 10 comments
Comments

@Trott
Member

Trott commented Jun 26, 2020

The action is failing because secrets need to be set.

@mmarchini

I think we need to generate the secrets for @nodejs-github-bot. I'm not sure who has the password to that account.

@Trott
Member Author

Trott commented Jun 29, 2020

/ping @nodejs/github-bot

@phillipj
Member

I'm one of the few lucky ones who has access to those build/github-bot secrets.

Not entirely sure what we're talking about here.. But trying to read between the lines, based off of what we usually do with secrets;

  1. Generate a secret
  2. Configure that secret as a github-bot environment variable on the server
  3. Someone needs the secret to configure something at github.com?

@cclauss

cclauss commented Jun 29, 2020

3. Someone needs the secret to configure https://github.com/nodejs/reliability/tree/master/.github/workflows

@mmarchini

mmarchini commented Jun 29, 2020

> I'm one of the few lucky ones who has access to those build/github-bot secrets.

Should we expand the access to @nodejs-github-bot setting to other teams (Build and TSC)? (to be clear, I'm referring to the GitHub Profile, not to the nodejs/github-bot server. Those are separate things as the @nodejs-github-bot can be used by other applications as well)

@phillipj
Member

> Should we expand the access to @nodejs-github-bot setting to other teams (Build and TSC)?

I'd love for more people to get involved in general!

At the moment, those secrets are part of the secrets-repo in a dedicated build/github-bot directory which has its own set of GPG keys. That means not everyone in Build gets access automatically, but those who have shown interest and thereby have gotten their GPG key added specifically. It's a smaller group, some from current/emeriti TSC members and Build.

The @nodejs-github-bot account credentials are available in that directory.

@mmarchini

SSH access credentials should be on the secrets repo, but IMO the github-bot account credentials should go to LastPass or 1Password. @bnb do you think we could add this password to 1Password? How granular are the permissions on 1Password?

@bnb

bnb commented Jun 29, 2020

@mmarchini we can limit to only groups having access to single vaults. Other groups won’t have access. The only people who’d be able to see the context outside of the people with access would be owners - so, currently, the chair people of the two committees.

@mmarchini

We might need to clarify the process to:

a) Create personal tokens on github-bot
b) Add secrets to a repository

I requested access to the github-bot secrets. As soon as I'm granted access I could create the tokens and set it up in this repository, but it's not clear if we need to wait for approval or objections (and for how long we need to wait).

@mmarchini

Secrets created, but the Action is still failing. I'll open another issue to investigate that.
