Hello,

I have just had a quick chat with Apache Infra on HipChat and asked about a
few more details around the restrictions of GitHub bots. It seems like
the biggest restriction is that the bot is unable to make commits due to
all committers requiring an ICLA. Luckily, this is not a requirement for
this bot, so we should be good with moving ahead.

Infra instructed me to get a JIRA ticket filed against them, containing all
details. I have requested Suneel Marthi to create the ticket on our behalf
(due to the restriction that we are not allowed to file tickets ourselves).
It should have the following content:

----------------------
The Apache MXNet (incubating) community is requesting a GitHub bot account
(see
https://lists.apache.org/thread.html/c0918f100204bc7270951fd31de7a58d376dfef061e184ae64c0c90c@%3Cdev.mxnet.apache.org%3E).
The bot only needs to execute the following actions:
- Apply labels
- Remove labels
- Add comments
- Edit comments

We would appreciate it if we could be provided with such an account.
----------------------

I will come back as soon as I get new information. Until then, the
deployment of the label bot is blocked.

Best regards,
Marco

On Fri, Jul 13, 2018 at 7:20 AM Yuelin Zhang <zhangyuelinch...@gmail.com>
wrote:

> That's a very good solution! I will provide documentation about how to
> run/test/maintain it. Will reach out to see how we can collaborate on it.
>
> Thanks,
> Cathy
>
> On Thu, Jul 12, 2018 at 4:09 PM, Naveen Swamy <mnnav...@gmail.com> wrote:
>
> > +1 to running it inside a controlled environment.
> >
> > On Thu, Jul 12, 2018 at 11:32 AM, Qing Lan <lanking...@live.com> wrote:
> >
> > > I think putting in the Infra can be a really good solution.
> > > We do not expose the credential to the outside and we can make sure it
> > > can be run in a timely manner.
> > >
> > > Thanks,
> > > Qing
> > >
> > > On 7/12/18, 11:11 AM, "Marco de Abreu" <marco.g.ab...@googlemail.com.INVALID>
> > > wrote:
> > >
> > >     Hello Cathy,
> > >
> > >     unfortunately, we're not allowed to use bot accounts at Apache.
> > >
> > >     An option we have is that we run your bot in our infrastructure with the
> > >     credentials of a committer with the permission you have mentioned. The only
> > >     restriction would be that you would not be able to access that server
> > >     because the credentials are confidential user data of a committer. Would
> > >     this work for you?
> > >
> > >     Best regards,
> > >     Marco
> > >
> > >     On Thu, Jul 12, 2018 at 8:57 PM Yuelin Zhang <zhangyuelinch...@gmail.com>
> > >     wrote:
> > >
> > >     > Hi,
> > >     >
> > >     > I am working to improve the GitHub issue triage process by creating a
> > >     > label bot (more info here
> > >     > <https://cwiki.apache.org/confluence/display/MXNET/Deep+Learning+Based+GitHub+Label+Bot>
> > >     > on the cwiki). I have an initial version of the label bot ready. I would
> > >     > like to get some opinions about access permission of MXNet label bot.
> > >     >
> > >     > Right now, all issues in MXNet repo are manually labeled. The process
> > >     > looks like below:
> > >     > First, contributors/committers go through the issues to triage them and
> > >     > suggest labels and add a comment on the issue requesting @committer to
> > >     > add labels.
> > >     >
> > >     > This process will cause notification spam to both committers and users.
> > >     > The long gap between a user creating an issue and us labelling it will
> > >     > make the process time-consuming and not very smooth.
> > >     >
> > >     > We want to simplify/automate this issue labeling process. Right now we
> > >     > have an initial version of the label bot which can:
> > >     >
> > >     >    1.  Send issue report daily. This report will show how many issues are
> > >     >    open/closed, list uncommented/unlabeled issues and show a pie chart of
> > >     >    labels added in a week. Sample report here
> > >     >    <https://cwiki.apache.org/confluence/display/MXNET/Deep+Learning+Based+GitHub+Label+Bot#DeepLearningBasedGitHubLabelBot-SampleIssueReport>.
> > >     >    2.  Generate a spreadsheet of unlabeled issues with recommended labels.
> > >     >    A contributor will open the sheet and fill in labels with reference of
> > >     >    bot's recommendations. In this case, contributor can deal with all
> > >     >    unlabeled issues at a time. Sample sheet here
> > >     >    <https://cwiki.apache.org/confluence/display/MXNET/Deep+Learning+Based+GitHub+Label+Bot#DeepLearningBasedGitHubLabelBot-SampleSpreadSheet>.
> > >     >    3.  Read labels filled in that sheet and apply labels to GitHub issues.
> > >     >    (tested on my personal GitHub repo)
> > >     >
> > >     >
> > >     > This bot can be triggered daily so that all issues will be labeled in
> > >     > one day without notification spam.
> > >     >
> > >     > *However, this bot doesn't have access to add labels. We have two
> > >     > options:*
> > >     >
> > >     > - Use a committer's OAuth token with limited scope. So far according to
> > >     > my research, the most limited scope is "public_repo", this contains
> > >     > access to code. Except this one, GitHub doesn't have smaller scope
> > >     > available to add labels. Available scopes here
> > >     > <https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/>.
> > >     >
> > >     > - Create a bot account having minimum permissions. For this, we will
> > >     > need an account to be created from Apache Infrastructure with proper
> > >     > access and they can control the access for the account through secret
> > >     > manager
> > >     > <https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html>.
> > >     > Having a bot account is beneficial for future work, not only for
> > >     > labelling but also other automatic processes.
> > >     >
> > >     > Please let me know if you have any other ideas to do this.
> > >     >
> > >     > Thanks,
> > >     > Cathy
> > >     >
> > >
> > >
> > >
> >
>
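
Added illustration, not part of the thread and not the MXNet label bot's code: because the narrowest OAuth scope named in the original proposal, "public_repo", also covers code, one way to hold a bot to the four actions listed in the ticket text is a client-side allowlist over the GitHub REST routes for those actions, plus a check of the `X-OAuth-Scopes` response header. The repository name, the label alphabet and all function names here are assumptions.

```python
import re

REPO = "example-org/example-repo"  # placeholder repository, not from the thread
PREFIX = "/repos/" + REPO
EXPECTED_SCOPES = {"public_repo"}  # narrowest scope named in the thread

ISSUES_RE = "/repos/" + re.escape(REPO) + "/issues"
LABEL_RE = r"(?:[A-Za-z0-9._:+-]|%20)+"  # assumed label alphabet; %20 is a space
ALLOWED = {
    "apply_label": ("POST", re.compile(ISSUES_RE + r"/\d+/labels")),
    "remove_label": ("DELETE", re.compile(ISSUES_RE + r"/\d+/labels/" + LABEL_RE)),
    "add_comment": ("POST", re.compile(ISSUES_RE + r"/\d+/comments")),
    "edit_comment": ("PATCH", re.compile(ISSUES_RE + r"/comments/\d+")),
}


def classify(method, path):
    """Return the permitted action a request maps to, or None to refuse it."""
    if any(seg in (".", "..") for seg in path.split("/")):
        return None  # dot segments could be normalised into another route
    for action, (verb, pattern) in ALLOWED.items():
        if method.upper() == verb and pattern.fullmatch(path):
            return action
    return None


def excess_scopes(x_oauth_scopes):
    """Scopes in an X-OAuth-Scopes header value beyond the expected set."""
    granted = {s.strip() for s in x_oauth_scopes.split(",") if s.strip()}
    return sorted(granted - EXPECTED_SCOPES)


# Constructed requests: the first four are the bot's job, the last two are not.
SAMPLES = [
    ("POST", PREFIX + "/issues/42/labels"),
    ("DELETE", PREFIX + "/issues/42/labels/Feature%20request"),
    ("POST", PREFIX + "/issues/42/comments"),
    ("PATCH", PREFIX + "/issues/comments/1001"),
    ("PUT", PREFIX + "/contents/README.md"),  # code write: in scope, not in role
    ("POST", "/repos/other-org/other-repo/issues/42/labels"),  # wrong repository
]


def audit(samples=SAMPLES):
    """Classify each (method, path) pair; None marks a refused request."""
    return [classify(method, path) for method, path in samples]
```

The guard only limits what the bot's own code sends; anyone holding the token directly is still bound only by its scope, which is why the thread's point about keeping the credential inside controlled infrastructure still applies.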
