Conversation
savetheclocktower
left a comment
savetheclocktower
left a comment
There was a problem hiding this comment.
All in all, this looks great. I started to leave some suggestions (feel free to take or leave any of them) but just having this stuff written down is great and I'm not going to stress out about formatting or structure. Thanks!
There was a problem hiding this comment.
I reckon the "Last Updated" info, while helpful now, may soon be outdated. I don't expect to impose on those who update PATs or credentials regularly that they also swing around and update this document, so I propose to delete the "Last updated" lines.
(I reckon those of us preparing or reviewing this PR know the dates written there now, and that by the time they would be out of date, they might only serve to confuse or misdirect others not present at this PR.)
Also proposed some diffs to add what I know about the tokens I've been presiding over for Cirrus.
|
@savetheclocktower Thanks a ton for your feedback, I'll address some of the changes suggested of data before getting to those formatting changes, but they do look like good calls. And to @DeeDeeG the |
Co-authored-by: DeeDeeG <DeeDeeG@users.noreply.github.com>
Co-authored-by: Andrew Dupont <andrew@andrewdupont.net>
Co-authored-by: Andrew Dupont <andrew@andrewdupont.net>
Co-authored-by: Andrew Dupont <andrew@andrewdupont.net>
Co-authored-by: Andrew Dupont <andrew@andrewdupont.net>
Co-authored-by: DeeDeeG <DeeDeeG@users.noreply.github.com>
Co-authored-by: DeeDeeG <DeeDeeG@users.noreply.github.com>
Co-authored-by: DeeDeeG <DeeDeeG@users.noreply.github.com>
Co-authored-by: Andrew Dupont <andrew@andrewdupont.net>
|
I've now addressed all feedback provided if anyone would like to re-review so we can get this merged, I'd appreciate it! |
|
Actually, @savetheclocktower has already provided an approval. Considering that everyone's concerns have been handled, and the propensity of PR's in this repository to hang in limbo, I'm gonna go ahead and run with that original approval and merge this one. Thanks for everyone that took a look at this, appreciate it! |
This is meant to address feedback and attempt to better show what this datapoint is supposed to represent. We can always consider fully removing this in the future if we find it pointless to keep.
|
|
||
| #### Description | ||
|
|
||
| This token allows publish access to our `@pulsar-edit` NPM account. Likely this token was generated by a user on the NPM organization that has publish access. |
There was a problem hiding this comment.
I should've asked this before this landed, but: how is membership in the NPM organization decided? Do we have a bus factor there as well?
There was a problem hiding this comment.
Not as much of one, users have to be added to the NPM organization.
But that's actually perfect subject matter for #319 and I can go ahead and add it there. Thanks for pointing it out
3 participants
As suggested on Discord we really ought to start documenting all the knowledge that currently only exists in people's head.
Seems best to do this via some simple runbooks, with my first entry being that about
secrets.This initial guide focusing on what secrets we use, where they are, who owns them, and what to do when updating them.
Please feel free to provide any feedback possible, as this is a first of this format.
As they requested this initially @savetheclocktower