Remove pl-deploy-bot from the org #66
Looks good to me. I can merge in a day if no one else chimes in.
The following access changes will be introduced as a result of applying the plan: Access Changes
@galargh : can you help educate me on how to handle this?
I'm not seeing anything in https://github.com/orgs/filecoin-project/people/pl-deploy-bot that would prevent this. My fallback is to remove the user from the UI and then merge this PR.
Oh, it looks like we prevent member deletes per https://github.com/filecoin-project/github-mgmt/blob/master/terraform/resources.tf#L9
@galargh : is that intentional? What's the recommended way forward?
This is intentional. This is because org member removals are hard to revert. To re-invite someone, they have to accept the invitation. This is a security measure. There are 2 intended ways forward for this.
Before merge, verify that all the following plans are correct. They will be applied as-is after the merge.
Terraform plans
filecoin-project
Ack, got it. Here is my plan:
I confirmed this PR was applied: https://github.com/filecoin-project/github-mgmt/actions/runs/10816661876
I removed the member from the UI:
Docs for how to remove a member: #72
Here is the sync workflow run to update now that the user has been removed: https://github.com/filecoin-project/github-mgmt/actions/runs/10816816463
Summary
When reviewing the Lotus-Infra repository, which FilOz now maintains, we encountered the pl-deploy-bot user. We believe this bot was originally created as part of a GitOps contract between Protocol Labs and Weaveworks. We've determined that the bot is no longer used in the lotus-infra repository. For security reasons, we recommend removing the pl-deploy-bot user from the organization entirely, and are opening this PR to propose this change and get feedback. If anyone is aware of any current uses for this bot within the organization, please let us know.
Reviewer's Checklist