Migrate from opentelemetrybot to otelbot#1066
Conversation
| | grep -v opentelemetrybot \ | ||
| | grep -v otelbot \ |
There was a problem hiding this comment.
can remove the opentelemetrybot line after the next release
| run: | | ||
| message="Prepare release $VERSION" | ||
| branch="opentelemetrybot/prepare-release-${VERSION}" | ||
| branch="otelbot/prepare-release-${VERSION}" |
There was a problem hiding this comment.
IMPORTANT
This needs to be merged at the same time as https://github.com/open-telemetry/admin/pull/125 (note: maintainers should be able to approve and merge that PR)
| - uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6 | ||
| id: otelbot-token | ||
| with: | ||
| app-id: ${{ vars.OTELBOT_APP_ID }} | ||
| private-key: ${{ secrets.OTELBOT_PRIVATE_KEY }} | ||
|
|
||
| - name: Create pull request against the release branch | ||
| env: | ||
| # not using secrets.GITHUB_TOKEN since pull requests from that token do not run workflows | ||
| GH_TOKEN: ${{ secrets.OPENTELEMETRYBOT_GITHUB_TOKEN }} | ||
| GH_TOKEN: ${{ steps.otelbot-token.outputs.token }} |
There was a problem hiding this comment.
Can I assume it's not very expensive to regenerate this every time? Does this have the benefit of not having the token stored in this repo or what is the benefit?
There was a problem hiding this comment.
yeah, it's not expensive
the benefit is that it's a short-lived token, reducing the window of vulnerability if it were ever compromised
of course, we still have to be vigilant not to expose secrets.OTELBOT_PRIVATE_KEY itself
There was a problem hiding this comment.
Makes sense, thanks for the clarification.
3 participants
See open-telemetry/community#2863 for details.
This PR was generated by Copilot and reviewed by @trask prior to submission.