Add BCR publishing automation with workflow and configuration #12555
Conversation
kannanjgithub
added
the
kokoro:run
grpc-kokoro
removed
the
kokoro:run
kannanjgithub
left a comment
kannanjgithub
left a comment
There was a problem hiding this comment.
Thanks for the contribution.
|
|
||
| - Go to Settings → Actions → General → Workflow permissions | ||
| - Ensure "Read and write permissions" is selected | ||
| - Ensure "Allow GitHub Actions to create and approve pull requests" is checked |
There was a problem hiding this comment.
I'm not sure if this permission is granted and I don't have access to the repository options in Settings. Adding Eric as reviewer who has that access.
There was a problem hiding this comment.
In no way do we want to give this write permissions to grpc-java. If that's required, then we will simply continue not publishing to BCR. That's not okay, as we try to give almost nothing write access to our repository. It would be fine to give it write permissions to a repo like https://github.com/grpc/bazel-central-registry
|
|
||
| 1. Go to the grpc-java repository Settings → Secrets and variables → Actions | ||
| 2. Click "New repository secret" | ||
| 3. Name: `BCR_PUBLISH_TOKEN` |
There was a problem hiding this comment.
I have added a new repository secret with this name.
There was a problem hiding this comment.
We don't want to do that. Your account has permissions to lots of things we don't want this to have access to. We can try to purpose one of our robot accounts for this, although right now I think they have more access then we'd want as well. We need to determine a way to give it write access to only what it needs.
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
4 participants
Description
Add BCR publishing automation with workflow and configuration
Based on https://github.com/bazelbuild/bazel-central-registry/tree/main/modules/grpc-java and https://github.com/bazel-contrib/publish-to-bcr/tree/main?tab=readme-ov-file#setup