> On Dec 14, 2018, at 3:57 AM, Zoran Regvart <[email protected]> wrote: > > Hi Builders, > I see some projects like Apache Sling use their own GitHub accounts > via personal access tokens on GitHub. I'm guessing this is a > workaround for not having a non-committer collaborator account that > can be used to update commit status from Jenkins pipelines. > > I too have created an account, I needed one just to bypass the API > limits for anonymous access[1]. But since that account is not a > collaborator on GitHub it cannot update the commit status. I.e. the > end result is: > > Could not update commit status, please check if your scan credentials > belong to a member of the organization or a collaborator of the > repository and repo:status scope is selected > > So one way of fixing this is to use my own GitHub account, which I'm, > understandably hesitant to do. > > Another is to have this non-committer account added as a collaborator, > would this violate any ASF rules? > > And, probably the best one, is to have a ASF wide GitHub account that > builds can use.
More or less, +1 . I’m currently going through this whole exercise now. We committed support for Github Branch Source Plug-in (and Github pull request builder) into Apache Yetus and now want to test it. But it’s pretty impossible to do that because the account that we’re using (that’s tied to [email protected]) doesn’t have enough access permissions to really do much. I do think because of how Github works, an ASF-wide one is probably too dangerous. But I can’t see why private@project accounts couldn’t be added so long as folks don’t do dumb things like auto-push code. There has to be a level of trust here unfortunately though which is why it may not come to fruition. :( Side-rant: I think part of the basic problem here is that Github’s view of permissions is really awful. It is super super dumb that accounts have to have admin-level privileges for repos to use the API to do some basic things that can otherwise be gleaned by just scraping the user-facing website. If anyone from Github is here, I’d love to have a chat. ;)
