
Improve release workflow and remove ADMIN_GITHUB_TOKEN

Open t92549 opened this issue 1 year ago • 1 comments

The release pipeline should be tidied up; release branches could be removed and replaced with tagging the master branch.

Additionally, a lot of the release pipelines rely on an admin's GitHub token in order to commit to protected branches: https://github.com/gchq/Gaffer/blob/b2bca5ed5b91409f5db36d57add4d5a70aa30bfb/.github/workflows/release.yaml#L31

Ideally this would be replaced with PRs perhaps, and the ADMIN_GITHUB_TOKEN removed.

t92549 avatar Jan 03 '24 14:01 t92549

Removing the automatic merge and requiring PRs instead could work, but I would favour changing the token so that it's provided by a GitHub App. This is fetched at runtime and doesn't require any secrets to be stored.

Repository settings can then be configured so that only the App (bot) user is allowed to make commits without a PR and approvals. The App user could also be set as the committer.

GCHQDeveloper314 avatar May 20 '24 16:05 GCHQDeveloper314
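
The approach discussed in this thread (tagging master with a token minted at runtime by a GitHub App instead of a long-lived admin token), as an added workflow example that is not taken from the Gaffer repository. The names `RELEASE_APP_ID` and `RELEASE_APP_PRIVATE_KEY`, the `version` input and the tag format are assumptions; the example assumes the App's ID and private key are made available to the workflow under those names.

```yaml
# Added example, not the project's release.yaml. Hypothetical names:
# RELEASE_APP_ID, RELEASE_APP_PRIVATE_KEY, the "version" input, the tag format.
name: release-tag-example
on:
  workflow_dispatch:
    inputs:
      version:
        description: Version to tag on master (e.g. 1.2.3)
        required: true

permissions:
  contents: read   # built-in GITHUB_TOKEN stays read-only; writes use the App token

jobs:
  tag-release:
    runs-on: ubuntu-latest
    steps:
      # Installation token minted at runtime: expires after one hour and is
      # scoped to this repository by default, unlike a long-lived admin token.
      - name: Create GitHub App token
        id: app-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ vars.RELEASE_APP_ID }}
          private-key: ${{ secrets.RELEASE_APP_PRIVATE_KEY }}

      - uses: actions/checkout@v4
        with:
          ref: master
          token: ${{ steps.app-token.outputs.token }}

      - name: Set the App bot user as committer
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}
          APP_SLUG: ${{ steps.app-token.outputs.app-slug }}
        run: |
          bot_id="$(gh api "/users/${APP_SLUG}[bot]" --jq .id)"
          git config user.name "${APP_SLUG}[bot]"
          git config user.email "${bot_id}+${APP_SLUG}[bot]@users.noreply.github.com"

      - name: Tag master
        env:
          VERSION: ${{ inputs.version }}   # passed via env, never interpolated into the script
        run: |
          [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "bad version"; exit 1; }
          git tag -a "$VERSION" -m "Release $VERSION"
          git push origin "$VERSION"
```

Which actors may push to protected branches or create protected tags is controlled in the repository settings, not in the workflow file.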