Project

General

Profile

Actions

action #123661

closed

Use non-personal or in-team tokens for openQA OBS CI integration size:M

Added by okurz almost 2 years ago. Updated almost 2 years ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
Feature requests
Target version:
Start date:
2023-01-25
Due date:
% Done:

0%

Estimated time:

Description

Motivation

coolo noticed that there are some obs packages that use his token for CI integration:

<entry id="12" string="L8QrNuC50kjUlZWQmD4+mMAYApbF9w2sgXOEHvdj" kind="service" description="" triggered_at="2023-01-23 16:23:23 UTC" project="devel:openQA" package="openQA"/>
<entry id="3046" string="THZ7YadHSbAa5Kwg5Jy4ud3w" kind="service" description="" triggered_at="2023-01-23 16:23:23 UTC" project="devel:openQA" package="openqa_dev"/>
<entry id="3055" string="pqpAr26bZQGTo2TwyPLJX5VV" kind="service" description="" triggered_at="2023-01-23 16:23:23 UTC" project="devel:openqa:ci" package="base"/>
<entry id="3058" string="nSiTjKwRQzWn3umDvBx8C4Vc" kind="service" description="" triggered_at="2023-01-23 16:23:22 UTC" project="devel:openqa:ci" package="dependency_bot"/>

We should switch to non-personal or in-team tokens like we already do with os-autoinst using a token and account from okurz. It might be desired to use a person in changelogs, not a bot-account.

Acceptance criteria

  • AC1: no token owned by coolo is used

Suggestions


Related issues 1 (0 open1 closed)

Related to openQA Project (public) - action #123867: [sporadic][ci] circleCI job "build-docs-nightly" failedResolvedtinita2023-02-01

Actions
Actions #1

Updated by okurz almost 2 years ago

  • Subject changed from [epic] Use non-personal or in-team tokens for openQA OBS CI integration to Use non-personal or in-team tokens for openQA OBS CI integration size:M
  • Description updated (diff)
  • Status changed from New to Workable
Actions #2

Updated by mkittler almost 2 years ago

The linked documentation explains how to create a token. However, what places would I need to update to use the newly generated token? Some of the webkooks under https://github.com/os-autoinst/openQA/settings/hooks?

I have also recently changed the key of the obs-workflow GitHub user (see https://gitlab.suse.de/openqa/password/-/merge_requests/5) and also don't know which places need updating now.

Actions #3

Updated by okurz almost 2 years ago

I did osc token --create devel:openQA openQA which created token id 6964. I updated in https://github.com/os-autoinst/openQA/settings/hooks/58885945 and now we can await if the openQA package uses that.

Actions #4

Updated by okurz almost 2 years ago

  • Due date set to 2023-02-10
  • Status changed from Workable to Feedback
  • Assignee set to okurz

I then did osc token --create devel:openQA openqa_dev creating id 6967. osc token --create devel:openqa:ci base showed me error 404. I need to mind the casing. osc token --create devel:openQA:ci base creating id 6970 and osc token --create devel:openQA:ci dependency_bot creating id 6973 so we don't need any of coolo's tokens anymore.

Actions #5

Updated by okurz almost 2 years ago

  • Related to action #123867: [sporadic][ci] circleCI job "build-docs-nightly" failed added
Actions #6

Updated by okurz almost 2 years ago

  • Due date deleted (2023-02-10)
  • Status changed from Feedback to Resolved

#123867 turned out to be not related. I assume we are good.

Actions

Also available in: Atom PDF