Improve release workflow and remove ADMIN_GITHUB_TOKEN #3143

Open
t92549 opened this issue Jan 3, 2024 · 1 comment
Labels
automation GitHub Actions, CI/CD

Contributor

t92549 commented Jan 3, 2024

The release pipeline should be tidied up; release branches could be removed and replaced with tagging the master branch.

Additionally, a lot of the release pipelines rely on an admin's GitHub token in order to commit to protected branches:

token: ${{ secrets.ADMIN_GITHUB_TOKEN }}

Ideally this would be replaced with PRs perhaps, and the ADMIN_GITHUB_TOKEN removed.

@t92549 t92549 added the automation GitHub Actions, CI/CD label Jan 3, 2024
@GCHQDeveloper314 GCHQDeveloper314 added this to the Backlog milestone Mar 15, 2024
@GCHQDeveloper314
Member

Removing the automatic merge and requiring PRs instead could work but I would favour changing the token so that it's provided by a GitHub App. This is fetched at runtime and doesn't require any secrets to be stored.

Repository settings can then be configured so that only the App (bot) user is allowed to make commits without a PR and approvals. The App user could also be set as the committer.
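
A workflow using the GitHub App token approach described in the comment above, shown as an added example that is not part of the original thread or the project's own workflow. It assumes an App installed on the repository with contents write permission and allowed to bypass the branch rule; the names `RELEASE_APP_ID`, `RELEASE_APP_PRIVATE_KEY`, the `VERSION` file and the `version` input are hypothetical.

```yaml
# Added example, not the project's workflow. Assumed names: vars.RELEASE_APP_ID,
# secrets.RELEASE_APP_PRIVATE_KEY, the VERSION file and the "version" input.
name: release (example)
on:
  workflow_dispatch:
    inputs:
      version:
        description: Version to release
        required: true

permissions: {}   # the default GITHUB_TOKEN gets no scopes; the App token does the writes

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      # Before: a long-lived admin PAT read from secrets
      #   token: ${{ secrets.ADMIN_GITHUB_TOKEN }}
      # After: a short-lived installation token minted for this run only
      - name: Mint GitHub App installation token
        id: app-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ vars.RELEASE_APP_ID }}
          private-key: ${{ secrets.RELEASE_APP_PRIVATE_KEY }}

      - uses: actions/checkout@v4
        with:
          ref: master
          token: ${{ steps.app-token.outputs.token }}

      - name: Commit and tag as the App user
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}
          APP_SLUG: ${{ steps.app-token.outputs.app-slug }}
          RELEASE_VERSION: ${{ inputs.version }}   # passed via env, not inlined into the script
        run: |
          # Look up the App's bot user so the commit is attributed to it
          bot_id=$(gh api "/users/${APP_SLUG}[bot]" --jq .id)
          git config user.name "${APP_SLUG}[bot]"
          git config user.email "${bot_id}+${APP_SLUG}[bot]@users.noreply.github.com"
          printf '%s\n' "$RELEASE_VERSION" > VERSION
          git add VERSION
          git commit -m "Release ${RELEASE_VERSION}"
          git tag "v${RELEASE_VERSION}"
          git push origin master "v${RELEASE_VERSION}"
```

The installation token expires after an hour; the App's private key is the one value this example keeps as a repository secret.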
