+1 to running it inside a controlled environment. On Thu, Jul 12, 2018 at 11:32 AM, Qing Lan <[email protected]> wrote:
> I think putting in the Infra can be a really good solution. > We do not expose the credential to the outside and we can make sure it can > be run in a timely manner. > > Thanks, > Qing > > On 7/12/18, 11:11 AM, "Marco de Abreu" <[email protected]> > wrote: > > Hello Cathy, > > unfortunately, we're not allowed to use bot accounts at Apache. > > An option we have is that we run your bot in our infrastructure with > the > credentials of a committer with the permission you have mentioned. The > only > restriction would be that you would not be able to access that server > because the credentials are confidential user data of a committer. > Would > this work for you? > > Best regards, > Marco > > On Thu, Jul 12, 2018 at 8:57 PM Yuelin Zhang < > [email protected]> > wrote: > > > Hi, > > > > I am working to improve the GitHub issue triage process by creating > a label > > bot(more info here > > < > > https://cwiki.apache.org/confluence/display/MXNET/Deep+ > Learning+Based+GitHub+Label+Bot > > > > > on > > the cwiki), I have initial version of label bot ready. I would like > to get > > some opinions about access permission of MXNet label bot. > > > > Right now, all issues in MXNet repo are manually labeled. The > process looks > > like below: > > First, contributors/committers go through the issues to triage them > and > > suggest labels and add comment on the issue requesting @committer to > add > > labels. > > > > This process will cause notification spam to both committers and > users. The > > long gap between user creating an issue and we labelling them will > cause > > the process time consuming and not very smooth. > > > > We want to simplify/automate this issue labeling process. Right now > an > > initial version of the label bot which can: > > > > 1. Send issue report daily. This report will show how many issue > > open/closed, list uncommented/unlabeled issues and show an pie > chart of > > labels added in a week. Sample report here > > < > > https://cwiki.apache.org/confluence/display/MXNET/Deep+ > Learning+Based+GitHub+Label+Bot#DeepLearningBasedGitHubLabelBo > t-SampleIssueReport > > > > > . > > 2. Generate a spread sheet of unlabeled issues with recommended > labels. > > A contributor will open the sheet and fill in labels with > reference of > > bot's recommendations. In this case, contributor can deal with all > > unlabeled issues at a time. Sample sheet here > > < > > https://cwiki.apache.org/confluence/display/MXNET/Deep+ > Learning+Based+GitHub+Label+Bot#DeepLearningBasedGitHubLabelBo > t-SampleSpreadSheet > > > > > . > > 3. Read labels filled in that sheet and apply labels to GitHub > issues. > > (tested on my personal Github repo) > > > > > > This bot can be triggered daily so that all issues will be labeled > in one > > day without notification spam. > > > > *However, this bot doesn't have access to add labels. We have two > > options:* > > > > - Use a committer's Oauth token with limited scope. So far according > to my > > research, the most limited scope is "public_repo", this contains > access to > > code. Except this one, Github doesn't have smaller scope available > to add > > labels. Available scopes here > > < > > https://developer.github.com/apps/building-oauth-apps/ > understanding-scopes-for-oauth-apps/ > > > > > . > > > > - Create a bot account having minimum permissions. For this, we will > need > > an account to be created from Apache Infrastructure with proper > access and > > they can control the access for the account through secret manager > > <https://docs.aws.amazon.com/secretsmanager/latest/ > userguide/intro.html> . > > Having a bot account is beneficial for future work, not only for > labelling > > but also other automatic processes. > > > > Please let me know if you have any other ideas to do this. > > > > Thanks, > > Cathy > > > > >
