| 14 Mar 2023 |
| miriku joined the room. | 18:41:08 |
| butterchicken joined the room. | 22:47:08 |
| 15 Mar 2023 |
| @adtya:adtya.xyz joined the room. | 04:28:36 |
| 16 Mar 2023 |
@brian:bmcgee.ie | Is there a bot account for nix-community that can be used for signed commits from github actions? For context: https://github.com/nix-community/ethereum.nix/pull/165 | 13:35:41 |
Mic92 | Probably better to create your own so we don't need to share more github tokens between projects than needed. | 13:37:25 |
Mic92 | But wouldn't it be sufficient to just have a repo secret? | 13:37:47 |
Mic92 | You can give the github action permissions to make commits | 13:38:08 |
@brian:bmcgee.ie | I can configure it, but I thought it was worth checking if this had already been set up org wide. | 13:38:15 |
@brian:bmcgee.ie | Signed commits are required org wide for nix-community I think | 13:38:25 |
Mic92 | Github actions bot should sign commits as well, no? | 13:38:52 |
@brian:bmcgee.ie | I don't have much experience with them, you could be right | 13:39:06 |
Mic92 | But maybe this was just for github merges... | 13:39:17 |
@brian:bmcgee.ie | if it can, even better. Simplifies things | 13:39:17 |
@brian:bmcgee.ie | For now it looks like I need to generate a gpg key and add it to a bot github profile | 13:39:39 |
@brian:bmcgee.ie | from what I'm googling | 13:39:45 |
Mic92 | https://github.com/Nautilus-Cyberneering/pygithub/blob/main/docs/how_to_sign_automatic_commits_in_github_actions.md#solution-01-using-the-temporary-github_token-generated-for-each-workflow-job | 13:39:51 |
Mic92 | Looks like you need to have a gpg key. | 13:40:22 |
Mic92 | I don't think you need a bot account however. | 13:40:30 |
Mic92 | Ok. Maybe to assign it an identity... | 13:40:57 |
@brian:bmcgee.ie | Yeah looks like | 13:41:26 |
Mic92 | I guess if you want to get the green mark then an account is required. | 13:41:44 |
@brian:bmcgee.ie | Which is why I figure it makes sense to have a nix-community bot profile rather than creating one for each repo potentially | 13:41:48 |
@brian:bmcgee.ie | with an org wide bot gpg key that can be dropped in if you need signed commits | 13:42:08 |
Mic92 | Well, then this bot also would need to be a contributor potentially. But maybe not. | 13:42:20 |
Mic92 | If we then also had to give each repo a github token, this would not be so nice from a security perspective, since then every user could potentially use this. But I guess this might not be needed. | 13:43:01 |
Mic92 | We would only have per project gpg keys | 13:43:45 |
@brian:bmcgee.ie | I think that makes sense. Isolates the key to a project, but a common github profile for the bot | 13:44:24 |
@brian:bmcgee.ie | if you need a key ask an admin to drop in a new gpg key on the bot account and then add that as a repo secret | 13:44:48 |
@brian:bmcgee.ie | ? | 13:44:57 |
Mic92 | I would probably automate this away with the terraform github provider. | 13:45:34 |