[GH Request] Create a new bot that runs repo health job on openedx repos #738
Comments
Thank you for your report! @openedx/axim-oncall will triage within a business day. Simple requests usually take 2-3 business days to resolve; more complex requests could take longer.
@kdmccormick it seems like you are already in the weeds on this, should you be the assignee?
@e0d I'm at capacity right now, but I could work on this next time I'm on call, 5/29-6/9.
@ohnickmoy does that delay work for you or do you need this sooner?
I was the original requester. We're in no particular rush, this is just a relatively long-standing issue we wanted to address.
Sounds good, I'll take a look in early June then.
(late June)
@ohnickmoy @rgraber Coming back to this (thanks for your patience!), I see that @UsamaSadiq has made progress in moving the repo health dashboard collection job to GitHub Actions: edx/edx-arch-experiments#66 Given that GitHub Actions running from openedx repositories all have a Does that sound right? Am I missing anything?
From my perspective I just need to make sure the GITHUB_TOKEN can also access dependabot alerts.
Yes, the GITHUB_TOKEN should grant access to dependabot alerts, unless any repository admins have explicitly changed this setting to "Read repository contents and package permissions": If that is the case (which would surprise me), then let me know, and we can reach out to those repos' maintainers and explain that we are changing the setting to "Read and write", unless they have any specific objections.
Ok. I think we should be able to find out if we don't have access.
I created and shared this blank Google sheet, but I'm not sure what the best way is to create a Sheets API key for you folks to put into the repo health jobs. I figure that you all have an idea how you'd like to connect to Google Sheets since you've done it before. So, if and when you want this data to be pushed into an Axim-owned spreadsheet, just open a new Axim request with instructions for us on how to create an API key for the repo health job. Alternatively, if you folks would like to own the output sheet, that works too.
@rgraber, do you wanna discuss the sheet logistics sometime in the future?
Firm Name
2U
Urgency
Medium (< 2 weeks)
Problem/Request
Carry over from #717
As discussed from the above linked issue, Axim and 2U decided to have a separate bot user run the repo health check on their repos so that security practices don't get exposed to each other.
Information in regards to this comment:
Other steps:
Reasoning
This is mainly for getting information for dependabot alerts into the spreadsheet so that repo owners are on top of things when updating repos and keeping things secure.