I think putting in the Infra can be a really good solution.
We do not expose the credential to the outside and we can make sure it can be
run in a timely manner.
Thanks,
Qing
On 7/12/18, 11:11 AM, "Marco de Abreu" <marco.g.ab...@googlemail.com.INVALID>
wrote:
Hello Cathy,
unfortunately, we're not allowed to use bot accounts at Apache.
An option we have is that we run your bot in our infrastructure with the
credentials of a committer with the permission you have mentioned. The only
restriction would be that you would not be able to access that server
because the credentials are confidential user data of a committer. Would
this work for you?
Best regards,
Marco
On Thu, Jul 12, 2018 at 8:57 PM Yuelin Zhang <zhangyuelinch...@gmail.com>
wrote:
> Hi,
>
> I am working to improve the GitHub issue triage process by creating a
label
> bot(more info here
> <
>
https://cwiki.apache.org/confluence/display/MXNET/Deep+Learning+Based+GitHub+Label+Bot
> >
> on
> the cwiki), I have initial version of label bot ready. I would like to get
> some opinions about access permission of MXNet label bot.
>
> Right now, all issues in MXNet repo are manually labeled. The process
looks
> like below:
> First, contributors/committers go through the issues to triage them and
> suggest labels and add comment on the issue requesting @committer to add
> labels.
>
> This process will cause notification spam to both committers and users.
The
> long gap between user creating an issue and we labelling them will cause
> the process time consuming and not very smooth.
>
> We want to simplify/automate this issue labeling process. Right now an
> initial version of the label bot which can:
>
> 1. Send issue report daily. This report will show how many issue
> open/closed, list uncommented/unlabeled issues and show an pie chart of
> labels added in a week. Sample report here
> <
>
https://cwiki.apache.org/confluence/display/MXNET/Deep+Learning+Based+GitHub+Label+Bot#DeepLearningBasedGitHubLabelBot-SampleIssueReport
> >
> .
> 2. Generate a spread sheet of unlabeled issues with recommended
labels.
> A contributor will open the sheet and fill in labels with reference of
> bot's recommendations. In this case, contributor can deal with all
> unlabeled issues at a time. Sample sheet here
> <
>
https://cwiki.apache.org/confluence/display/MXNET/Deep+Learning+Based+GitHub+Label+Bot#DeepLearningBasedGitHubLabelBot-SampleSpreadSheet
> >
> .
> 3. Read labels filled in that sheet and apply labels to GitHub issues.
> (tested on my personal Github repo)
>
>
> This bot can be triggered daily so that all issues will be labeled in one
> day without notification spam.
>
> *However, this bot doesn't have access to add labels. We have two
> options:*
>
> - Use a committer's Oauth token with limited scope. So far according to my
> research, the most limited scope is "public_repo", this contains access to
> code. Except this one, Github doesn't have smaller scope available to add
> labels. Available scopes here
> <
>
https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/
> >
> .
>
> - Create a bot account having minimum permissions. For this, we will need
> an account to be created from Apache Infrastructure with proper access and
> they can control the access for the account through secret manager
> <https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html> .
> Having a bot account is beneficial for future work, not only for labelling
> but also other automatic processes.
>
> Please let me know if you have any other ideas to do this.
>
> Thanks,
> Cathy
>
