Page MenuHomeFreeBSD

[skip ci] Add a github workflow step to validate the CODEOWNERS file
Needs ReviewPublic

Authored by asomers on Jun 21 2021, 6:44 PM.

Details

Reviewers
imp
Summary

Sponsored by: Axcient

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint OK
Unit
No Unit Test Coverage
Build Status
Buildable 40028
Build 36917: arc lint + arc unit

Event Timeline

asomers created this revision.
jlduran_gmail.com added inline comments.
.github/workflows/validate-codeowners.yml
18

Is there a reason why a GitHub secret is not used?

.github/workflows/validate-codeowners.yml
18

Please explain:what is a "Github secret" and how does one use it?

.github/workflows/validate-codeowners.yml
18

Sure! A thorough explanation here:

https://docs.github.com/en/actions/reference/encrypted-secrets

A tl;dr would be:

Since this is a github_access_token (i.e. a password), albeit access-restricted, should be protected nonetheless.

For example, it may have read-only access to security/private branches belonging to that account, since the token is exposed to the public, anyone could read the contents of such branches.

By creating a GitHub secret —think of an environment variable for GitHub— you will be able to reference it in any workflow using ${{ secrets.DESCRIPTIVE_NAME }}.

For this particular case, after deleting the published one and creating a new one under the name of OWNERS_VALIDATOR_GITHUB_SECRET (for example), one can replace the last line with:

github_access_token: ${{ secrets.OWNERS_VALIDATOR_GITHUB_SECRET }}
.github/workflows/validate-codeowners.yml
18

Well, that does look like the correct thing to do. But I can't do it, because I don't have admin rights to the Github repo. Maybe @imp does, or knows who does?