repo:status (Jenkins)

Purpose: Allow per-project github repo:status tokens to enable jenkins repo:status updates without hitting global asf-ci rate limits.

Related tickets:

INFRA-19879 - Getting issue details... STATUS

INFRA-20042 - Getting issue details... STATUS


  • Create a lastpass entry under Github CI Tokens for Projects
  • Name the user asf-ci-projectname, e.g. asf-ci-geode
  • use the email address
    • this uses qmail's - separator to automatically send root-*@a.o mail to root@a.o, no explicit alias needed
  • Create a password and store it in lastpass
  • Create a Github user with the credentials you just created
  • Add that user to the ASF github org as a member, and add them to the project committers team
    • NB: grouper has code which now ignores asf-ci* accounts preventing them from being removed from the team
  • Log into github as the asf-ci-projectname user you just created, and set up an oauth token with the repo:status scope ONLY. 
    • Make sure you reference the ticket in the Notes for the token when creating.
  • Add the ticket ID, repo:status token to the lastpass entry:
    • repo:status token for geode (INFRA-20042): ##TOKENSTRINGHERE##
  • Provide the token via secure means to the project requestor.

public_repo (Github)

Purpose: Used by projects during Github Actions to publish results to another repository when the Action is run.
                Mainly used for website deployments from Github repo apache/$project to apache/$project-website.

Related Tickets:

INFRA-21453 - Getting issue details... STATUS
INFRA-21607 - Getting issue details... STATUS

INFRA-23044 - Getting issue details... STATUS

INFRA-23220 - Getting issue details... STATUS


  1. Using a private tab/window, log into using the asf-ci-deploy user (credentials in LastPass)
  2. In Settings → Developer Settings → Personal Access Tokens , click on 'Generate New Token'

    (There may be existing tokens in there, leave them, we use one token per project)
  3. Copy the Token and add it to the LastPass credentials.
  4. In the projects source repository (the one using the Action) create a new Secret with appropriate name 
    and use the newly created PAT as the value. e.g. $PREOJECT_WEBSITE_BUILD etc
  5. Give the asf-ci-deploy user write access to the target repository.
  6. All done, notify the project of the new Secret Name only, no need to provide them the Token itself.