Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use a bot account #17

Open
arunsathiya opened this issue Jan 21, 2024 · 6 comments
Open

Use a bot account #17

arunsathiya opened this issue Jan 21, 2024 · 6 comments
Assignees
Labels
blocked by third-party Blocked by something beyond my control enhancement New feature or request

Comments

@arunsathiya
Copy link
Owner

Should stop using my personal account to submit PRs, and rather attribute them to a bot action:

https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user

@arunsathiya
Copy link
Owner Author

Read and write access to administration, code, pull requests, and workflows - this permission is set so far, and seems to work okay for creating commits but not for creating the pull request itself. Unclear why so far.

image

@arunsathiya
Copy link
Owner Author

Also worth noting that the commit (example arunsathiya/github-webhook-proxy@e8ba0a5, which may not exist in the future) itself does not seem to indicate the badge that this was authored by a bot. Unclear why.

image

@arunsathiya
Copy link
Owner Author

Sounds a lot like the same issue that another person ran into in 2022:

https://github.com/orgs/community/discussions/39178#discussioncomment-8201269

But as noted on that comment, setting maintainer_can_modify to false doesn't seem to have any impact at the moment.

@arunsathiya
Copy link
Owner Author

arunsathiya commented Jan 21, 2024

If you want to attribute app activity to the app instead of to a user, you should authenticate as an app installation instead. For more information, see "Authenticating as a GitHub App installation."

https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/authenticating-with-a-github-app-on-behalf-of-a-user

This part explains why the commit is attributed to the user account instead of the bot/app.

@arunsathiya
Copy link
Owner Author

arunsathiya commented Jan 21, 2024

Authenticating as a GitHub app installation is the way to go. That correctly attributes the commit to the bot user: arunsathiya/github-webhook-proxy@0891431

Homepage Commit
image image

But PRs still fail:

Commit SHA for github-webhook-proxy: 08914318a30631d20addf0d144f5c805966c9f6c
2024/01/21 13:57:07 error preparing PR: POST https://api.github.com/repos/ExpediaGroup/github-webhook-proxy/pulls: 403 Resource not accessible by integration []

Permissions okay though:

{
  "token": "ghs_redacted",
  "expires_at": "2024-01-21T22:51:37Z",
  "permissions": {
    "administration": "write",
    "contents": "write",
    "metadata": "read",
    "pull_requests": "write",
    "workflows": "write"
  },
  "repository_selection": "all"
}

@arunsathiya
Copy link
Owner Author

Need to wait for fine-grained tokens to support "public-but-owned" data:

https://github.com/orgs/community/discussions/36441#discussioncomment-7635050

@arunsathiya arunsathiya self-assigned this Jan 22, 2024
@arunsathiya arunsathiya added enhancement New feature or request blocked by third-party Blocked by something beyond my control labels Jan 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
blocked by third-party Blocked by something beyond my control enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

1 participant