| 16 Mar 2023 |
Mic92 | But maybe this was just for github merges... | 13:39:17 |
@brian:bmcgee.ie | if it can, even better. Simplifies things | 13:39:17 |
@brian:bmcgee.ie | For now it looks like I need to generate a gpg key and add it to a bot github profile | 13:39:39 |
@brian:bmcgee.ie | from what I'm googling | 13:39:45 |
Mic92 | https://github.com/Nautilus-Cyberneering/pygithub/blob/main/docs/how_to_sign_automatic_commits_in_github_actions.md#solution-01-using-the-temporary-github_token-generated-for-each-workflow-job | 13:39:51 |
Mic92 | Looks like you need to have a gpg key. | 13:40:22 |
Mic92 | I don't think you need a bot account however. | 13:40:30 |
Mic92 | Ok. Maybe to assign it an identity... | 13:40:57 |
@brian:bmcgee.ie | Yeah looks like | 13:41:26 |
Mic92 | I guess if you want to get the green mark then an account is required. | 13:41:44 |
@brian:bmcgee.ie | Which is why I figure it makes sense to have a nix-community bot profile rather than creating one for each repo potentially | 13:41:48 |
@brian:bmcgee.ie | with an org wide bot gpg key that can be dropped in if you need signed commits | 13:42:08 |
Mic92 | Well, then this bot also would potentially need to be a contributor. But maybe not. | 13:42:20 |
Mic92 | If we then had to give each repo a github token as well, this would not be so nice from a security perspective, since then every user could potentially use it. But I guess this might not be needed. | 13:43:01 |
Mic92 | We would only have per project gpg keys | 13:43:45 |
@brian:bmcgee.ie | I think that makes sense. Isolates the key to a project, but a common github profile for the bot | 13:44:24 |
@brian:bmcgee.ie | if you need a key ask an admin to drop in a new gpg key on the bot account and then add that as a repo secret | 13:44:48 |
@brian:bmcgee.ie | ? | 13:44:57 |
Mic92 | I would probably automate this away with the terraform github provider. | 13:45:34 |
Mic92 | if this is a feature there. | 13:45:44 |
Mic92 | so that people would make a PR. | 13:45:54 |
@brian:bmcgee.ie | even better | 13:46:04 |
Mic92 | https://registry.terraform.io/providers/integrations/github/latest/docs/resources/user_gpg_key | 13:46:17 |
Mic92 | That looks easy enough. | 13:46:27 |
Mic92 | make an issue here please: https://github.com/nix-community/infra/issues | 13:46:49 |
@brian:bmcgee.ie | is there already a terraform setup for managing nix-community infra? | 13:46:51 |
@brian:bmcgee.ie | Ah cool | 13:46:54 |
Mic92 | yes, we have that for dns stuff | 13:47:03 |
@brian:bmcgee.ie | https://github.com/nix-community/infra/issues/482 | 13:53:18 |
Mic92 | BMG: mhm. One issue still. When we have one bot with multiple private keys, then each private key would still be recognized as valid... | 13:56:09 |