Project

General

Profile

action #123661

Use non-personal or in-team tokens for openQA OBS CI integration size:M

Added by okurz 2 months ago. Updated about 2 months ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
Feature requests
Target version:
Start date:
2023-01-25
Due date:
% Done:

0%

Estimated time:
Difficulty:

Description

Motivation

coolo noticed that there are some obs packages that use his token for CI integration:

<entry id="12" string="L8QrNuC50kjUlZWQmD4+mMAYApbF9w2sgXOEHvdj" kind="service" description="" triggered_at="2023-01-23 16:23:23 UTC" project="devel:openQA" package="openQA"/>
<entry id="3046" string="THZ7YadHSbAa5Kwg5Jy4ud3w" kind="service" description="" triggered_at="2023-01-23 16:23:23 UTC" project="devel:openQA" package="openqa_dev"/>
<entry id="3055" string="pqpAr26bZQGTo2TwyPLJX5VV" kind="service" description="" triggered_at="2023-01-23 16:23:23 UTC" project="devel:openqa:ci" package="base"/>
<entry id="3058" string="nSiTjKwRQzWn3umDvBx8C4Vc" kind="service" description="" triggered_at="2023-01-23 16:23:22 UTC" project="devel:openqa:ci" package="dependency_bot"/>

We should switch to non-personal or in-team tokens like we already do with os-autoinst using a token and account from okurz. It might be desired to use a person in changelogs, not a bot-account.

Acceptance criteria

  • AC1: no token owned by coolo is used

Suggestions


Related issues

Related to openQA Project - action #123867: [sporadic][ci] circleCI job "build-docs-nightly" failedResolved2023-02-01

History

#1 Updated by okurz about 2 months ago

  • Subject changed from [epic] Use non-personal or in-team tokens for openQA OBS CI integration to Use non-personal or in-team tokens for openQA OBS CI integration size:M
  • Description updated (diff)
  • Status changed from New to Workable

#2 Updated by mkittler about 2 months ago

The linked documentation explains how to create a token. However, what places would I need to update to use the newly generated token? Some of the webkooks under https://github.com/os-autoinst/openQA/settings/hooks?

I have also recently changed the key of the obs-workflow GitHub user (see https://gitlab.suse.de/openqa/password/-/merge_requests/5) and also don't know which places need updating now.

#3 Updated by okurz about 2 months ago

I did osc token --create devel:openQA openQA which created token id 6964. I updated in https://github.com/os-autoinst/openQA/settings/hooks/58885945 and now we can await if the openQA package uses that.

#4 Updated by okurz about 2 months ago

  • Due date set to 2023-02-10
  • Status changed from Workable to Feedback
  • Assignee set to okurz

I then did osc token --create devel:openQA openqa_dev creating id 6967. osc token --create devel:openqa:ci base showed me error 404. I need to mind the casing. osc token --create devel:openQA:ci base creating id 6970 and osc token --create devel:openQA:ci dependency_bot creating id 6973 so we don't need any of coolo's tokens anymore.

#5 Updated by okurz about 2 months ago

  • Related to action #123867: [sporadic][ci] circleCI job "build-docs-nightly" failed added

#6 Updated by okurz about 2 months ago

  • Due date deleted (2023-02-10)
  • Status changed from Feedback to Resolved

#123867 turned out to be not related. I assume we are good.

Also available in: Atom PDF