[treescript] Stop using the releng-treescript app for Gecko l10n bumps
#1055
Labels
Comments
|
Note that this issue will be valid even after Gecko moves to Github (as long as l10n remains in a separate repo). |
|
The other big place this would be useful is for chain of trust verification. We currently use access tokens for this, but those have a lower rate limit than apps IIRC. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We added the ability to store l10n changes in a separate Github repo for Gecko l10n bumps:
3938c24
We currently authenticate as the
releng-treescriptapp to do things like get the latest commit and return the contents of files. This is useful for avoiding Github rate limits. However, we do not actually commit any changes to these external l10n repos. Therefore usingreleng-treescript, which has write access to a repo, does not follow the Principle of Least Privilege.Instead, I believe we should create a generic
releng-readonly(name TBD) app that only has read access to the repos. Then, we can install this app anywhere we simply want read access (e.g for higher rate limits or for access to private repos).The text was updated successfully, but these errors were encountered: