service-manangement-wg: Add temporary group for area bot with admin permissions #726
Conversation
pivotal-marcela-campo
changed the title
beyhan
requested review from
a team,
rkoster,
beyhan,
stephanme,
ameowlia and
ChrisMcGowan
and removed request for
a team
There was a problem hiding this comment.
Do you really need admin rights for dependency bumps?
According to the WG charter yaml, the servicesenablement user is configured as a WG area bot and has already write access for these repos.
If admin rights are really needed, then it looks ok and I will approve.
Hi Stephan, we do for now. This bumps our done from a CI job that just pushes from main and we need the EasyCLA check passing to push, so we probably need to do a PR. We just need admin rights until we have capacity to change the way we do this bumps. |
|
Update from TOC meeting Dec 19, 2023: we aren't going to merge yet, in hopes that the team will find a different work around. If there is not workaround before we enact the restrictions in Jan we will merge this PR. |
|
For cf-deployment, a regular bot user makes version bumps: https://github.com/cloudfoundry/cf-deployment/commits/main/ This works without admin rights: ard-wg-gitbot is part of https://github.com/orgs/cloudfoundry/teams/wg-app-runtime-deployments-bots and this team has only write access for cf-deployment. |
|
@pivotal-marcela-campo do you have more details on this? |
This bot bumps dependencies regularly and requires admin credentials. We are putting this group in place until we are able to implement another strategy (e.g. PR workflow). [#184640225](https://www.pivotaltracker.com/story/show/184640225)
pivotal-marcela-campo
force-pushed
the
sm-temp-bots-admin-group
branch
from
5867aa9
to
ae2216c
Compare
|
Hi @beyhan, we couldn't get around to test our pipelines without admin permissions for the bot. I tried today but had to dependency bumps pending. I tried making a PR with the bot account and succeeded. When we tried at the point this permission removal started being worked on, we were getting errors merging due to EasyCLA pending. The bot seems to have signed that already, I had worked with Chris Clark on that way back and seems to be fine. We would need a bit more time to figure out what the issue is. Our branch protection rules basically require all status checks to succeed, which means tests and EasyCLA. |
|
We've gotten 3 approvals, so I am going to merge. |
This bot bumps dependencies regularly and requires admin credentials. We are putting this group in place until we are able to implement another strategy (e.g. PR workflow).