-
Epic
-
Resolution: Done
-
Critical
-
None
-
remove-plans-from-github-app
-
False
-
-
False
-
In Progress
-
0% To Do, 0% In Progress, 100% Done
-
-
As a DevOps Engineer,
I want to verify if the Pipelines-as-Code (PaC) can operate without the "plans" permission on the GitHub app,
So that we can minimize the broad access rights associated with the "plans" permission and enhance security.
Acceptance Criteria:
- Documentation Review:
- Review the GitHub documentation on permissions required for GitHub apps, focusing on the "plans" permission.
- Understand the scope and implications of the "plans" permission.
- Permission Analysis:
- Identify the specific actions and operations that the "plans" permission enables.
- Determine which of these actions are necessary for the functioning of Pipelines-as-Code.
- Testing Without "Plans" Permission:
- Configure the GitHub app to run Pipelines-as-Code without the "plans" permission.
- Monitor the pipeline execution to identify any failures or limitations caused by the lack of "plans" permission.
- Document Findings:
- Document the results of the tests, including any issues encountered and their impact on the pipeline.
- Provide recommendations on whether the "plans" permission can be safely removed or if alternative permissions can be used.
- Security Review:
- Assess the security benefits of removing the "plans" permission.
- Ensure that the removal of the permission does not introduce new security risks or operational challenges.
- Dogfood:
- Dogfood internally the change (on Konflux)
- Stakeholder Approval:
- Present the findings and recommendations to relevant stakeholders for approval.
- Implement the changes based on the approved recommendations.
- is cloned by
-
RHDEVDOCS-6405 [DOC] Evaluate Pipelines-as-Code plan Permissions for GitHub App
-
- Closed
-
- is documented by
-
-
- Closed
-
-
RHDEVDOCS-6456 [DOC] Reevaluate plans Pipelines-as-Code Permissions for GitHub App
-
- Closed
-
