chore: use publish to bcr reusable workflow for bcr mirroring#3775
chore: use publish to bcr reusable workflow for bcr mirroring#3775kormide wants to merge 1 commit intobazelbuild:mainfrom
Conversation
| fixedReleaser: | ||
| login: scentini | ||
| email: 11149636+scentini@users.noreply.github.com |
There was a problem hiding this comment.
A fixed releaser is no longer required with the workflow because the identity of the publish token is now the actor who opens the PR on the BCR.
kormide
force-pushed
the
publish-to-bcr-workflow
branch
3 times, most recently
from
bf77d17 to
72bb93c
Compare
|
@krasimirgg @scentini as Googlers, can you provide the access token? |
|
Updated the instructions in the PR description to recommend creating a machine user for bazelbuild and using that user to generate a classic PAT. We do this for bazel-contrib and aspect-build and have associated bot users like https://github.com/bazel-contrib-bot. |
|
We already have the token set up at the org level. rules_cc is using it https://github.com/bazelbuild/rules_cc/blob/01a1eced1d61670e3fe1310ccaaa45635aaf90b1/.github/workflows/publish.yaml#L35 |
.github/workflows/publish.yaml
Outdated
| # Tags don't include a "v" prefix | ||
| tag_prefix: "" | ||
| # GitHub repository which is a fork of the upstream where the Pull Request will be opened. | ||
| registry_fork: scentini/bazel-central-registry |
| description: Override the ref to read .bcr templates from | ||
| jobs: | ||
| publish: | ||
| uses: bazel-contrib/publish-to-bcr/.github/workflows/publish.yaml@v1.1.0 |
There was a problem hiding this comment.
Use the latest version here?
There was a problem hiding this comment.
v1.1.0 is the latest version
| jobs: | ||
| publish: | ||
| uses: bazel-contrib/publish-to-bcr/.github/workflows/publish.yaml@v1.1.0 | ||
| with: |
There was a problem hiding this comment.
Is there a consistent user we can use for the commit? Since releases are triggered by changes to version.bzl it would result in random users being the commit author for the release
draft: false
author_name: bazel-io
author_email: bazel-iot@users.noreply.github.comThere was a problem hiding this comment.
@meteorcloudy I made this author info up so can you provide the real credentials?
There was a problem hiding this comment.
curl https://api.github.com/users/bazel-io shows a null email. It's either not public or doesn't have an email because it's a machine user?
There was a problem hiding this comment.
Actually @UebelAndre this is referring to the git committer and author, not who opens the PR. That depends on the PAT used. Which should be bazel-io's?
There was a problem hiding this comment.
Removed the author info.
There was a problem hiding this comment.
@kormide I don't want the author to be a random contributor who happened to trigger the releases. I think it should be a consistent user. A bot preferably but if not that then a Googler.
There was a problem hiding this comment.
Oh, I thought you were concerned about the author of the PR. For the author of the commit, sure, just let me know what to put there and I'll change it.
There was a problem hiding this comment.
cc @scentini who might also be able to provide this info.
kormide
force-pushed
the
publish-to-bcr-workflow
branch
from
72bb93c to
7f2aa93
Compare
kormide
force-pushed
the
publish-to-bcr-workflow
branch
from
7f2aa93 to
1f83fab
Compare
3 participants
Migrate rules_rust off of the deprecated Publish to BCR GitHub app to the newer reusable workflow. The reusable workflow has a number of benefits over the app:
Some actions that maintainer for this ruleset will need to take:
BCR_PUBLISH_TOKENfor the repository or org (see steps). I recommend creating a "machine" user for bazelbuild and generating a classic PAT for that user rather than using an individual's PAT. For example, in bazel-contrib we use the bazel-contrib-bot user to do publishes.