I think putting in the Infra can be a really good solution. 
We do not expose the credential to the outside and we can make sure it can be 
run in a timely manner.

Thanks,
Qing

´╗┐On 7/12/18, 11:11 AM, "Marco de Abreu" <marco.g.ab...@googlemail.com.INVALID> 
wrote:

    Hello Cathy,
    
    unfortunately, we're not allowed to use bot accounts at Apache.
    
    An option we have is that we run your bot in our infrastructure with the
    credentials of a committer with the permission you have mentioned. The only
    restriction would be that you would not be able to access that server
    because the credentials are confidential user data of a committer. Would
    this work for you?
    
    Best regards,
    Marco
    
    On Thu, Jul 12, 2018 at 8:57 PM Yuelin Zhang <zhangyuelinch...@gmail.com>
    wrote:
    
    > Hi,
    >
    > I am working to improve the GitHub issue triage process by creating a 
label
    > bot(more info here
    > <
    > 
https://cwiki.apache.org/confluence/display/MXNET/Deep+Learning+Based+GitHub+Label+Bot
    > >
    > on
    > the cwiki), I have initial version of label bot ready. I would like to get
    > some opinions about access permission of MXNet label bot.
    >
    > Right now, all issues in MXNet repo are manually labeled. The process 
looks
    > like below:
    > First, contributors/committers go through the issues to triage them and
    > suggest labels and add comment on the issue requesting @committer to add
    > labels.
    >
    > This process will cause notification spam to both committers and users. 
The
    > long gap between user creating an issue and we labelling them will cause
    > the process time consuming and not very smooth.
    >
    > We want to simplify/automate this issue labeling process. Right now an
    > initial version of the label bot which can:
    >
    >    1.  Send issue report daily. This report will show how many issue
    >    open/closed, list uncommented/unlabeled issues and show an pie chart of
    >    labels added in a week. Sample report here
    >    <
    > 
https://cwiki.apache.org/confluence/display/MXNET/Deep+Learning+Based+GitHub+Label+Bot#DeepLearningBasedGitHubLabelBot-SampleIssueReport
    > >
    >    .
    >    2.  Generate a spread sheet of unlabeled issues with recommended 
labels.
    >    A contributor will open the sheet and fill in labels with reference of
    >    bot's recommendations. In this case, contributor can deal with all
    >    unlabeled issues at a time. Sample sheet here
    >    <
    > 
https://cwiki.apache.org/confluence/display/MXNET/Deep+Learning+Based+GitHub+Label+Bot#DeepLearningBasedGitHubLabelBot-SampleSpreadSheet
    > >
    >    .
    >    3.  Read labels filled in that sheet and apply labels to GitHub issues.
    >    (tested on my personal Github repo)
    >
    >
    > This bot can be triggered daily so that all issues will be labeled in one
    > day without notification spam.
    >
    > *However,  this bot doesn't have access to add labels. We have two
    > options:*
    >
    > - Use a committer's Oauth token with limited scope. So far according to my
    > research, the most limited scope is "public_repo", this contains access to
    > code. Except this one, Github doesn't have smaller scope available to add
    > labels. Available scopes here
    > <
    > 
https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/
    > >
    > .
    >
    > - Create a bot account having minimum permissions. For this, we will need
    > an account to be created from Apache Infrastructure with proper access and
    > they can control the access for the account through secret manager
    > <https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html> .
    > Having a bot account is beneficial for future work, not only for labelling
    > but also other automatic processes.
    >
    > Please let me know if you have any other ideas to do this.
    >
    > Thanks,
    > Cathy
    >
    

Reply via email to