Project

General

Profile

action #123661

Updated by okurz about 1 year ago

## Motivation 
 coolo noticed that there are some obs packages that use his token for CI integration: 

 ``` 
 <entry id="12" string="L8QrNuC50kjUlZWQmD4+mMAYApbF9w2sgXOEHvdj" kind="service" description="" triggered_at="2023-01-23 16:23:23 UTC" project="devel:openQA" package="openQA"/> 
 <entry id="3046" string="THZ7YadHSbAa5Kwg5Jy4ud3w" kind="service" description="" triggered_at="2023-01-23 16:23:23 UTC" project="devel:openQA" package="openqa_dev"/> 
 <entry id="3055" string="pqpAr26bZQGTo2TwyPLJX5VV" kind="service" description="" triggered_at="2023-01-23 16:23:23 UTC" project="devel:openqa:ci" package="base"/> 
 <entry id="3058" string="nSiTjKwRQzWn3umDvBx8C4Vc" kind="service" description="" triggered_at="2023-01-23 16:23:22 UTC" project="devel:openqa:ci" package="dependency_bot"/> 
 ``` 

 We should switch to non-personal or in-team tokens like we already do with os-autoinst using a token and account from okurz. It might be desired to use a person in changelogs, not a bot-account. 

 ## Acceptance criteria 
 * **AC1:** no token owned by coolo is used 

 ## Suggestions 
 * Replace the above tokens with non-personal or in-team tokens 
 * Either use okurz same as for os-autoinst or research if a non-personal account is ok with a team mailing list and potentially create new team mailing list and use that account and create token in there 
 * Follow https://openbuildservice.org/help/manuals/obs-user-guide/cha.obs.authorization.token.html

Back