action #123661: Use non-personal or in-team tokens for openQA OBS CI integration size:M - openQA Project - openSUSE Project Management Tool

action #123661

Use non-personal or in-team tokens for openQA OBS CI integration size:M

Added by okurz 2 months ago. Updated about 2 months ago.

Status:

Resolved

Priority:

High

Assignee:

okurz

Category:

Feature requests

Target version:

Ready

Start date:

2023-01-25

Due date:

% Done:

Estimated time:

Difficulty:

Description

Motivation¶

coolo noticed that there are some obs packages that use his token for CI integration:

<entry id="12" string="L8QrNuC50kjUlZWQmD4+mMAYApbF9w2sgXOEHvdj" kind="service" description="" triggered_at="2023-01-23 16:23:23 UTC" project="devel:openQA" package="openQA"/>
<entry id="3046" string="THZ7YadHSbAa5Kwg5Jy4ud3w" kind="service" description="" triggered_at="2023-01-23 16:23:23 UTC" project="devel:openQA" package="openqa_dev"/>
<entry id="3055" string="pqpAr26bZQGTo2TwyPLJX5VV" kind="service" description="" triggered_at="2023-01-23 16:23:23 UTC" project="devel:openqa:ci" package="base"/>
<entry id="3058" string="nSiTjKwRQzWn3umDvBx8C4Vc" kind="service" description="" triggered_at="2023-01-23 16:23:22 UTC" project="devel:openqa:ci" package="dependency_bot"/>

We should switch to non-personal or in-team tokens like we already do with os-autoinst using a token and account from okurz. It might be desired to use a person in changelogs, not a bot-account.

Acceptance criteria¶

AC1: no token owned by coolo is used

Suggestions¶

Replace the above tokens with non-personal or in-team tokens
Either use okurz same as for os-autoinst or research if a non-personal account is ok with a team mailing list and potentially create new team mailing list and use that account and create token in there
Follow https://openbuildservice.org/help/manuals/obs-user-guide/cha.obs.authorization.token.html

Related issues

History

#1 Updated by okurz about 2 months ago

Subject changed from [epic] Use non-personal or in-team tokens for openQA OBS CI integration to Use non-personal or in-team tokens for openQA OBS CI integration size:M
Description updated (diff)
Status changed from New to Workable

#2 Updated by mkittler about 2 months ago

The linked documentation explains how to create a token. However, what places would I need to update to use the newly generated token? Some of the webkooks under https://github.com/os-autoinst/openQA/settings/hooks?

I have also recently changed the key of the obs-workflow GitHub user (see https://gitlab.suse.de/openqa/password/-/merge_requests/5) and also don't know which places need updating now.

#3 Updated by okurz about 2 months ago

I did osc token --create devel:openQA openQA which created token id 6964. I updated in https://github.com/os-autoinst/openQA/settings/hooks/58885945 and now we can await if the openQA package uses that.

#4 Updated by okurz about 2 months ago

Due date set to 2023-02-10
Status changed from Workable to Feedback
Assignee set to okurz

I then did osc token --create devel:openQA openqa_dev creating id 6967. osc token --create devel:openqa:ci base showed me error 404. I need to mind the casing. osc token --create devel:openQA:ci base creating id 6970 and osc token --create devel:openQA:ci dependency_bot creating id 6973 so we don't need any of coolo's tokens anymore.

#5 Updated by okurz about 2 months ago

Related to action #123867: [sporadic][ci] circleCI job "build-docs-nightly" failed added

#6 Updated by okurz about 2 months ago

Due date deleted (~~2023-02-10~~)
Status changed from Feedback to Resolved

#123867 turned out to be not related. I assume we are good.

Also available in: Atom PDF

Project

General

Profile

QA » openQA Project

Issues

Tags

Custom queries