Skip to content

doc: add SECURITY_WG_GITHUB_TOKEN request#950

Merged
RafaelGSS merged 3 commits intomainfrom
token-security-wg
Feb 6, 2025
Merged

doc: add SECURITY_WG_GITHUB_TOKEN request#950
RafaelGSS merged 3 commits intomainfrom
token-security-wg

Conversation

@RafaelGSS
Copy link
Copy Markdown
Member

@RafaelGSS RafaelGSS commented Feb 5, 2025
edited by aduh95
Loading

Refs: #949

permissions on [`nodejs/security-wg`](https://github.com/nodejs/security-wg):
  contents: write
  pull-requests: write

@aduh95
Copy link
Copy Markdown
Contributor

aduh95 commented Feb 5, 2025

To whoever who lands this: careful, the token should be saved on the nodejs-private/security-release, not on the public repo – I mean, I guess we can save it on the public repo as well, but currently it's not necessary. @RafaelGSS am I understanding things correctly?

Side node: maybe the current table is not well fitted for this kind of "cross-repo tokens". /cc @legendecas

@RafaelGSS
Copy link
Copy Markdown
Member Author

RafaelGSS commented Feb 5, 2025

To whoever who lands this: careful, the token should be saved on the nodejs-private/security-release, not on the public repo – I mean, I guess we can save it on the public repo as well, but currently it's not necessary. @RafaelGSS am I understanding things correctly?

Side node: maybe the current table is not well fitted for this kind of "cross-repo tokens". /cc @legendecas

Correct

legendecas
legendecas reviewed Feb 6, 2025
View reviewed changes
Comment thread request-an-access-token.md Outdated
@legendecas
Copy link
Copy Markdown
Member

legendecas commented Feb 6, 2025

Side node: maybe the current table is not well fitted for this kind of "cross-repo tokens".

For additional repo permissions, we can list the request in the PR description. The table should list where the token is installed, so that we can rotate the token by the table.

RafaelGSS
RafaelGSS commented Feb 6, 2025
View reviewed changes
Comment thread request-an-access-token.md Outdated
mhdawson
mhdawson approved these changes Feb 6, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@mhdawson mhdawson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mhdawson
Copy link
Copy Markdown
Member

mhdawson commented Feb 6, 2025

I believe I've added the token as requested

@RafaelGSS RafaelGSS merged commit f5bb09b into main Feb 6, 2025
@RafaelGSS RafaelGSS deleted the token-security-wg branch February 6, 2025 22:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@legendecas legendecas legendecas left review comments

+1 more reviewer

@mhdawson mhdawson mhdawson approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@RafaelGSS @aduh95 @legendecas @mhdawson