I think putting in the Infra can be a really good solution. We do not expose the credential to the outside and we can make sure it can be run in a timely manner.
Thanks, Qing On 7/12/18, 11:11 AM, "Marco de Abreu" <marco.g.ab...@googlemail.com.INVALID> wrote: Hello Cathy, unfortunately, we're not allowed to use bot accounts at Apache. An option we have is that we run your bot in our infrastructure with the credentials of a committer with the permission you have mentioned. The only restriction would be that you would not be able to access that server because the credentials are confidential user data of a committer. Would this work for you? Best regards, Marco On Thu, Jul 12, 2018 at 8:57 PM Yuelin Zhang <zhangyuelinch...@gmail.com> wrote: > Hi, > > I am working to improve the GitHub issue triage process by creating a label > bot(more info here > < > https://cwiki.apache.org/confluence/display/MXNET/Deep+Learning+Based+GitHub+Label+Bot > > > on > the cwiki), I have initial version of label bot ready. I would like to get > some opinions about access permission of MXNet label bot. > > Right now, all issues in MXNet repo are manually labeled. The process looks > like below: > First, contributors/committers go through the issues to triage them and > suggest labels and add comment on the issue requesting @committer to add > labels. > > This process will cause notification spam to both committers and users. The > long gap between user creating an issue and we labelling them will cause > the process time consuming and not very smooth. > > We want to simplify/automate this issue labeling process. Right now an > initial version of the label bot which can: > > 1. Send issue report daily. This report will show how many issue > open/closed, list uncommented/unlabeled issues and show an pie chart of > labels added in a week. Sample report here > < > https://cwiki.apache.org/confluence/display/MXNET/Deep+Learning+Based+GitHub+Label+Bot#DeepLearningBasedGitHubLabelBot-SampleIssueReport > > > . > 2. Generate a spread sheet of unlabeled issues with recommended labels. > A contributor will open the sheet and fill in labels with reference of > bot's recommendations. In this case, contributor can deal with all > unlabeled issues at a time. Sample sheet here > < > https://cwiki.apache.org/confluence/display/MXNET/Deep+Learning+Based+GitHub+Label+Bot#DeepLearningBasedGitHubLabelBot-SampleSpreadSheet > > > . > 3. Read labels filled in that sheet and apply labels to GitHub issues. > (tested on my personal Github repo) > > > This bot can be triggered daily so that all issues will be labeled in one > day without notification spam. > > *However, this bot doesn't have access to add labels. We have two > options:* > > - Use a committer's Oauth token with limited scope. So far according to my > research, the most limited scope is "public_repo", this contains access to > code. Except this one, Github doesn't have smaller scope available to add > labels. Available scopes here > < > https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/ > > > . > > - Create a bot account having minimum permissions. For this, we will need > an account to be created from Apache Infrastructure with proper access and > they can control the access for the account through secret manager > <https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html> . > Having a bot account is beneficial for future work, not only for labelling > but also other automatic processes. > > Please let me know if you have any other ideas to do this. > > Thanks, > Cathy >