Loading...

XML

Word

Printable

Details

Type: Story
Resolution: Done
Priority: Normal
Labels:
- cfe-plan
- clid

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Link:
Operationalize OKD+SCOS Pipeline
Feature Link:
OCPSTRAT-707 - Improve RHEL readiness release signal

Sprint:
OKD Sprint 233, OKD Sprint 234

SFDC Cases Links:
SFDC Cases Counter:

Description

When performing an OKD release using skhoury@redhat.com's account via a Personal Access Token, we received an HTTP 403 using the GitHub CLI tool. This poses two problems:

We don't know what permissions are actually required.
It binds the permissions and credentials to an individual or gives a group of individuals a lot of unnecessarily elevated permissions. Thus, it may better to have them bound to a robot account.

Done When:

We understand what permissions are required to create a GitHub release in both the okd-project/okd and okd-project/okd-scos repositories.
Either a robot GitHub account is created or another authentication mechanism (such as an OAuth application) is used.
The credentials needed to do that are created in both the OperateFirst Vault instance and the okd-team namespace on the Smaug cluster.

Attachments

Issue Links

links to

openshift/release#38150: OKD-93: feat: adds a service account to OKD CI

Sub-Tasks

1.	GitHub apps setup and tekton dev changes		Closed		Alex Guidi
2.	PROW changes		Closed		Alex Guidi

Activity

People

Assignee:: Alex Guidi

Reporter:: Zack Zlotnik

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2022/12/02 6:17 PM

Updated:: 2023/12/12 10:36 AM

Resolved:: 2023/04/12 7:55 AM