Skip to content

Long therm vision

Stéphane Brunner edited this page Jun 3, 2024 · 4 revisions

We will slowly remove the secrets in the GitHub workflow, then everything will pass through the GHCI GitHub application.

That implies that the following repositories will become obsolete:

The repository https://github.com/camptocamp/geospatial-ci-pass will not be available in the CI anymore, should he become obsolete as well?

The following workflow will become obsolete:

  • audit.yaml (soon)
  • backport.yaml (long therm)
  • clean.yaml (long therm)
  • codeql.yaml (already -> use standard one for GitHub project settings)
  • delete-old-workflows-run.yaml (already)
  • pr-checks.yaml (already)

The workflow pull-request-automation.yaml will be kept, what he does can't be done in a GitHub application, and it's not an issue because it uses the standard token.

Publishing

Publishing packages without any secrets:

  • GitHub package: can be done with the standard token using the permissions.package: write.
  • pypi: see: Configuring OpenID Connect in PyPI.
  • npm and DockerHub can be an issue, if it's relay required, we can publish only to GitHub package.

Notification: Notification can become obsolet by e.-g. https://github.com/argoproj-labs/argocd-image-updater

If not, I plan to remove the notification to the argocd repository and replace it by a notification on the repository itself, The notification will be caught by the GitHub application, And the application will notify the argocd repositories that a new Docker image is published.

It's possible that I extract the publishing tool to a separate clean repository.

Clone this wiki locally