GitHub tokens
This section describes procedures to update and maintain
GitHub tokens, which are needed for the
pkgcheck,
pkgcheck-action, and
roreviewapi
packages.
The “RRT_TOKEN”
“RRT” is the abbreviation of “ROpenSci Review Tools”, and the “RRT_TOKEN” is
the main token used in pkgcheck to build the Docker image needed by the
external bot service, as well as the pkgcheck-action.
This token must be generated as a personal token by somebody with
administrative rights to all repositories. That means the token must first be
generated from that person’s personal GitHub settings. Once (re-)generated, the
token can then be copied across to the tokens in both the
pkgcheck and
pkgcheck-action
repositories.
All token should be given durations of 60 days at most. A GitHub Actions
workflow run in the pkgcheck
repository
issues a monthly notification to a specified pkgcheck issue for the nominated
person to update the token.
Assigning “RRT_TOKEN” updates to a different person
The person assuming responsibility for “RRT_TOKEN” updates must:
Update the
pkgcheckworkflow file to ping their own GitHub name on the first line of thebodycommand (currently @mpadge).Respond to the notifications each time they are issued, which is currently every month. (The “0 0 1” cron specification is “hour minute day-of-month”, so 00:00 on the 1st day of each month.)
Other tokens
roreviewapi
The roreviewapi
repository holds one
single token, “DO_IP”, which stores the IP address of the Digital Ocean droplet
used to host the pkgcheck external service called by the bot.
pkgcheck-action
The only token held in the pkgcheck-action
repository is the “RRT_TOKEN” described above.
pkgcheck
The pkgcheck
repository holds the following tokens:
DOCKER_USERNAME&DOCKER_PASSWORD: Currently set for private account of @mpadge, but could easily be modified to other values. Modification would then require updating the first line of the Dockerfile in theroreviewapirepository to update the source of the base Docker image used to build that container.NETLIFY_SITE_ID&NETLIFY_TOKEN: Currently not used.UNAME: Currently not used.
No other tokens in pkgcheck are currently used.