ResourceModules icon indicating copy to clipboard operation
ResourceModules copied to clipboard
verified publisher icon Azure

[Feature Request]: Implement an alternative solution to the current GitHub readme update approach

Open AlexanderSehr opened this issue 2 years ago • 3 comments

Description

Description

Currentlty, several files in the repository (e.g., ./README.md, ./modules/README.md) and others in the docs are maintained automatically using an automated pipeline.

The challenge: In order to update these files following a pull request, the operating principal must have permissions to push to main. This is, in general, not ideal as this means at least one user must have permissions to bypass the default branching policies.

To this end, we should consider implementing an alternative solution that uses for example self-approved pull requests instead.

Acceptance criteria

A more secure solution that is not dependent on PAT tokens is implemented and operational.

AlexanderSehr avatar Apr 27 '23 14:04 AlexanderSehr

Let's revisit this item to collect some inputs from contributors such as @jtracey93 & @matt-FFFFFF.

AlexanderSehr avatar May 25 '23 09:05 AlexanderSehr

Two options as I see it:

  1. The auto doc generation is run by the developer, the pipeline checks that it has been run and fails if not.
  2. Use a GH app to push to the repo and create PR. However strongly opposed to auto-approval. 1ES does not like it either.

matt-FFFFFF avatar May 25 '23 09:05 matt-FFFFFF

Someone can volunteer to implement this and then present the solution for review.

lsnoddy avatar Jun 26 '23 15:06 lsnoddy