Purpose: Allow per-project github repo:status tokens to enable jenkins repo:status updates without hitting global asf-ci rate limits.
INFRA-19879Getting issue details...
INFRA-20042Getting issue details...
- Create a lastpass entry under Github CI Tokens for Projects
- Name the user asf-ci-projectname, e.g. asf-ci-geode
- use the email address email@example.com
- this uses qmail's - separator to automatically send firstname.lastname@example.org mail to email@example.com, no explicit alias needed
- Create a password and store it in lastpass
- Create a Github user with the credentials you just created
- Add that user to the ASF github org as a member, and add them to the project committers team
- NB: grouper has code which now ignores asf-ci* accounts preventing them from being removed from the team
- Log into github as the asf-ci-projectname user you just created, and set up an oauth token with the repo:status scope ONLY.
- Make sure you reference the ticket in the Notes for the token when creating.
- Add the ticket ID, repo:status token to the lastpass entry:
- repo:status token for geode (INFRA-20042): ##TOKENSTRINGHERE##
- Provide the token via secure means to the project requestor.
Purpose: Used by projects during Github Actions to publish results to another repository when the Action is run.
Mainly used for website deployments from Github repo apache/$project to apache/$project-website.
INFRA-21453Getting issue details...
INFRA-21607Getting issue details...
INFRA-23044Getting issue details...
INFRA-23220Getting issue details...
- Using a private tab/window, log into github.com using the asf-ci-deploy user (credentials in LastPass)
- In Settings → Developer Settings → Personal Access Tokens , click on 'Generate New Token'
(There may be existing tokens in there, leave them, we use one token per project)
- Copy the Token and add it to the LastPass credentials.
- In the projects source repository (the one using the Action) create a new Secret with appropriate name
and use the newly created PAT as the value. e.g.
- Give the asf-ci-deploy user write access to the target repository.
- All done, notify the project of the new Secret Name only, no need to provide them the Token itself.