Long-term vision
We will slowly remove the secrets from the GitHub workflows; everything will then pass through the GHCI GitHub application.
That implies that the following repositories will become obsolete:
- https://github.com/camptocamp/initialise-gopass-summon-action/
- https://github.com/camptocamp/python-action/
The repository https://github.com/camptocamp/geospatial-ci-pass will not be available in the CI anymore; should it become obsolete as well?
The following workflows will become obsolete:
- audit.yaml (soon)
- backport.yaml (long term)
- clean.yaml (long term)
- codeql.yaml (already -> use standard one for GitHub project settings)
- delete-old-workflows-run.yaml (already)
- pr-checks.yaml (already)
The workflow pull-request-automation.yaml will be kept: what it does can't be done in a GitHub application, and that is not an issue because it uses the standard token.
Publishing packages without any secrets:
- GitHub package: can be done with the standard token using the permissions.packages:write.
- pypi: see: Configuring OpenID Connect in PyPI.
- npm and DockerHub can be an issue; if it's really required, we can publish only to GitHub package.
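A workflow that publishes to GitHub Packages and PyPI with no stored secret, as an added example (not taken from this project's repositories). Assumptions: the job names, the tag trigger, a Dockerfile at the repository root, and a trusted publisher already configured on PyPI for this repository with an environment named `pypi`.

```yaml
# Added example: hypothetical workflow, not the project's own.
name: Publish without secrets

on:
  push:
    tags: ["*"]

# Start from no permissions; each job requests only what it needs.
permissions: {}

jobs:
  github-package:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write # lets the standard token push to GitHub Packages
    steps:
      - uses: actions/checkout@v4
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          # Per-run token issued by GitHub, not a secret stored in the repository.
          password: ${{ secrets.GITHUB_TOKEN }}
      - run: |
          # ghcr.io image names must be lowercase.
          image="ghcr.io/${GITHUB_REPOSITORY,,}:${GITHUB_REF_NAME}"
          docker build --tag "$image" .
          docker push "$image"

  pypi:
    runs-on: ubuntu-latest
    environment: pypi # assumed name; must match the PyPI trusted publisher entry
    permissions:
      contents: read
      id-token: write # lets the job request the OIDC token that PyPI verifies
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: |
          python -m pip install build
          python -m build
      # No username or password input: the action uses OIDC trusted publishing.
      - uses: pypa/gh-action-pypi-publish@release/v1
```

A fork or pull request from outside the repository cannot publish with this setup, because the tag trigger does not fire for it and PyPI only accepts OIDC tokens whose claims match the configured repository, workflow and environment.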
Notification: notifications can become obsolete with e.g. https://github.com/argoproj-labs/argocd-image-updater
If not, I plan to remove the notification to the argocd repository and replace it with a notification on the repository itself. The notification will be caught by the GitHub application, and the application will notify the argocd repositories that a new Docker image is published.
It's possible that I extract the publishing tool to a separate clean repository.