[Infra] Update release process #7034
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@ Coverage Diff @@
## main #7034 +/- ##
==========================================
- Coverage 88.85% 88.84% -0.01%
==========================================
Files 271 271
Lines 12970 12970
==========================================
- Hits 11524 11523 -1
- Misses 1446 1447 +1
Pull request overview
This PR updates the release/publishing GitHub Actions workflows to explicitly scope the permissions granted to the generated GitHub App tokens, and adds the required actions: write capability for dispatching workflows in the opentelemetry-dotnet-contrib repository.
Changes:
- Scope GitHub App token permissions explicitly (contents / pull-requests) in multiple workflows.
- Grant `actions: write` to the GitHub App token used to invoke a remote workflow dispatch.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| .github/workflows/publish-packages-1.0.yml | Scopes the GitHub App token to explicit contents/PR permissions for post-build release drafting and PR notifications. |
| .github/workflows/prepare-release.yml | Scopes GitHub App tokens across multiple prepare-release jobs to explicit contents/PR permissions. |
| .github/workflows/post-release.yml | Adds explicit permissions to GitHub App tokens, including actions: write for invoking a remote workflow. |
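An added example, not part of this pull request or the project's workflows: a check that flags token-minting steps with no explicit permission inputs, the condition the scoping change above removes. It assumes the tokens come from `actions/create-github-app-token` and its `permission-<name>` inputs; the sample workflow, step ids, variables and secrets are constructed.

```python
import re

# Assumption: tokens come from actions/create-github-app-token and its permission-<name> inputs.
TOKEN_ACTION = re.compile(r"^\s*(?:-\s+)?uses:\s*actions/create-github-app-token@")
PERMISSION = re.compile(r"^\s*permission-([a-z-]+):\s*(\S+)")
LABEL = re.compile(r"^\s*(?:-\s+)?(?:id|name):\s*(.+?)\s*$")

# Constructed sample workflow; ids, variables and secrets are placeholders.
SAMPLE = """\
jobs:
  release:
    steps:
      - uses: actions/create-github-app-token@v3
        id: broad-token
        with:
          app-id: ${{ vars.EXAMPLE_APP_ID }}
          private-key: ${{ secrets.EXAMPLE_PRIVATE_KEY }}
      - uses: actions/create-github-app-token@v3
        id: scoped-token
        with:
          client-id: ${{ vars.EXAMPLE_APP_ID }}
          private-key: ${{ secrets.EXAMPLE_PRIVATE_KEY }}
          permission-contents: write
          permission-pull-requests: write
"""

def step_blocks(text):
    """Split workflow text into list items (steps) by indentation."""
    block, indent = [], 0
    for line in text.splitlines():
        body = line.lstrip()
        depth = len(line) - len(body)
        if body.startswith("- ") or (body and depth <= indent):
            if block:  # a new item or a dedent closes the current step
                yield block
            block, indent = ([line], depth) if body.startswith("- ") else ([], 0)
        elif block:
            block.append(line)
    if block:
        yield block

def unscoped_token_steps(text):
    """Labels of token steps whose token would carry every installation permission."""
    flagged = []
    for block in step_blocks(text):
        mints = any(TOKEN_ACTION.match(ln) for ln in block)
        if mints and not any(PERMISSION.match(ln) for ln in block):
            flagged.append(next((m.group(1) for ln in block if (m := LABEL.match(ln))), "?"))
    return flagged
```

The parser is line-based and only understands the indentation of step lists, so it suits a quick CI gate over `.github/workflows/*.yml` rather than full YAML validation.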
Explicitly state which permissions are required when obtaining a GitHub App token.
Use a different GitHub app for dispatching the actions workflow and give it the appropriate permissions.
Not strictly needed as the repo is public, but for consistency as actions/checkout is used.
Keep the same GitHub App, just move the permission.
Revert step name missed from previous commit. Co-authored-by: Martin Costello <martin@martincostello.com>
Add write permission for pull requests.
`app-id` was made obsolete by `client-id` in 3.1.0.
Remove automated step that does not work and update instructions to run the workflow manually.
afc5ef8 to 9fa205c
As discussed in https://github.com/open-telemetry/admin/issues/615, for now this drops the automatic workflow generation and instead changes the release process to be manual. Will look to add some automation to opentelemetry-dotnet-contrib to do a scheduled workflow and compute what tags should have a PR created. If that gets implemented, then I can do a follow-up PR to adjust the documentation.
| id: otelbot-token | ||
| with: | ||
| app-id: ${{ vars.OTELBOT_DOTNET_APP_ID }} | ||
| client-id: ${{ vars.OTELBOT_DOTNET_APP_ID }} |
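Review bot: the renamed `client-id` input is still fed from `vars.OTELBOT_DOTNET_APP_ID`, so the variable name says app ID while the input now says client ID. Worth confirming that the value stored in that variable is one `client-id` accepts, and then either renaming the variable or leaving a short comment beside the input so the mismatch does not read as a mistake to the next person editing the release workflows.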
3.1.0 of the action made app-id deprecated in favour of client-id - spotted via a squiggle locally when I was updating the files in VS Code.
Changes
Contributes to #6556.
Merge requirement checklist
- Unit tests added/updated
- Appropriate `CHANGELOG.md` files updated for non-trivial changes
- Changes in public API reviewed (if applicable)