From 49d12ee46e415f78007754f6e623c39e705983b8 Mon Sep 17 00:00:00 2001 From: German Date: Tue, 16 May 2023 19:53:59 +0200 Subject: [PATCH 01/15] Main scheme of text --- doc/source/how-to/continuous-integration.rst | 89 ++++++++++++++++++++ 1 file changed, 89 insertions(+) diff --git a/doc/source/how-to/continuous-integration.rst b/doc/source/how-to/continuous-integration.rst index cc589310..2d471726 100644 --- a/doc/source/how-to/continuous-integration.rst +++ b/doc/source/how-to/continuous-integration.rst 
@@ -176,3 +176,92 @@ Workflow examples are provided for checking :ref:`Coding style`, .. literalinclude:: code/release.yml :language: yaml + +Secrets +------- + +:: + + Secrets are encrypted variables that you create in an organization, repository, or repository environment. The secrets that you create are available to use in GitHub Actions workflows. + + +You can use secrets to pass sensible data such as passwords, token or IPs to your workflows. + + +Organization secrets +~~~~~~~~~~~~~~~~~~~~ + +By default, ``Ansys`` and ``Ansys-internal`` organizations provide certain secrets to help you to automatize/unify certain tasks such as release. + + + +Organization Tokens +------------------- + +To facilitate certain taks such as autentication in certain sites, ``Ansys`` and ``Ansys-internal`` organizations provide to the developer with certain tokens or personal access tokens (PATs). These tokens are confidential and for internal use only. +Some of these tokens can be used as GitHub secrets, others might need to be requested to pyansys.core@ansys.com. + +GithHub tokens +~~~~~~~~~~~~~~ +To be used within GitHub. + + + + + ++----------------------------------------------------------------+----------------------------------------+ +| | **TOKEN NAME** | ``BOT_APPLICATION_ID`` | ++================================================================+========================================+ +| | **Repository access** | Public Repositories (read-only) | ++----------------------------------------------------------------+----------------------------------------+ +| | **Permissions** | | ++----------------------------------------------------------------+----------------------------------------+ +| | **Block another user** | | +| | View and manage users blocked by the user. | | ++----------------------------------------------------------------+----------------------------------------+ +| | **Codespaces user secrets** | | +| | Manage Codespaces user secrets. 
| | ++----------------------------------------------------------------+----------------------------------------+ +| | **Email addresses** | | +| | Manage a user's email addresses. | | ++----------------------------------------------------------------+----------------------------------------+ +| | **Followers** | | +| | A user's followers | | ++----------------------------------------------------------------+----------------------------------------+ +| | **GPG keys** | | +| | View and manage a user's GPG keys. | | ++----------------------------------------------------------------+----------------------------------------+ +| | **Gists** | | +| | Create and modify a user's gists and comments. | | ++----------------------------------------------------------------+----------------------------------------+ +| | **Git SSH keys** | | +| | Git SSH keys | | ++----------------------------------------------------------------+----------------------------------------+ +| | **Interaction limits** | | +| | Interaction limits on repositories | | ++----------------------------------------------------------------+----------------------------------------+ +| | **Plan** | | +| | View a user's plan. | | ++----------------------------------------------------------------+----------------------------------------+ +| | **Private repository invitations** | | +| | View a user's invitations to private repositories | | ++----------------------------------------------------------------+----------------------------------------+ +| | **Profile** | | +| | Manage a user's profile settings. | | ++----------------------------------------------------------------+----------------------------------------+ +| | **SSH signing keys** | | +| | View and manage a user's SSH signing keys. | | ++----------------------------------------------------------------+----------------------------------------+ +| | **Starring** | | +| | List and manage repositories a user is starring. 
| | ++----------------------------------------------------------------+----------------------------------------+ +| | **Watching** | | +| | List and change repositories a user is subscribed to. | | ++----------------------------------------------------------------+----------------------------------------+ + + +PyPI tokens +~~~~~~~~~~~ + + + From 140dc12e5ed43122c1cefedf594680fa23400d5a Mon Sep 17 00:00:00 2001 From: German Date: Tue, 16 May 2023 19:55:49 +0200 Subject: [PATCH 02/15] Added link --- doc/source/how-to/continuous-integration.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/source/how-to/continuous-integration.rst b/doc/source/how-to/continuous-integration.rst index 2d471726..5b5f0bb3 100644 --- a/doc/source/how-to/continuous-integration.rst +++ b/doc/source/how-to/continuous-integration.rst @@ -180,10 +180,12 @@ Workflow examples are provided for checking :ref:`Coding style`, Secrets ------- -:: + Secrets are encrypted variables that you create in an organization, repository, or repository environment. The secrets that you create are available to use in GitHub Actions workflows. + From `GitHub documentation `_ + You can use secrets to pass sensible data such as passwords, token or IPs to your workflows. From 429efe1fca5ba7d8a257d640b0ddaa7dee4536ec Mon Sep 17 00:00:00 2001 From: German Date: Wed, 17 May 2023 12:01:41 +0200 Subject: [PATCH 03/15] Adding table and bot section --- doc/source/how-to/continuous-integration.rst | 135 +++++++++++++++---- doc/source/how-to/documenting.rst | 1 + 2 files changed, 108 insertions(+), 28 deletions(-) diff --git a/doc/source/how-to/continuous-integration.rst b/doc/source/how-to/continuous-integration.rst index 5b5f0bb3..f8fbd238 100644 --- a/doc/source/how-to/continuous-integration.rst +++ b/doc/source/how-to/continuous-integration.rst 
@@ -177,10 +177,11 @@ Workflow examples are provided for checking :ref:`Coding style`, .. literalinclude:: code/release.yml :language: yaml -Secrets -------- +.. _organization_secrets: +Organization secrets +-------------------- Secrets are encrypted variables that you create in an organization, repository, or repository environment. The secrets that you create are available to use in GitHub Actions workflows. 
@@ -189,75 +190,116 @@ Secrets You can use secrets to pass sensible data such as passwords, token or IPs to your workflows. - -Organization secrets -~~~~~~~~~~~~~~~~~~~~ - By default, ``Ansys`` and ``Ansys-internal`` organizations provide certain secrets to help you to automatize/unify certain tasks such as release. - +Actions secrets +~~~~~~~~~~~~~~~ + ++-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ +| **SECRET** | **Repository access** | **Value** | **Description** | ++=====================================+=====================================+======================================+==============================================================================================+ +| ``BOT_APPLICATION_ID`` | All repositories | *Secret* | Username of bot app | ++-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ +| ``BOT_APPLICATION_PRIVATE_KEY`` | All repositories | *Secret* | Bot private key (see :ref:`organization_bot`) | ++-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ +| ``HUGO_THEME_TOKEN`` | All repositories | *Secret* | | ++-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ +| ``LICENSE_SERVER`` | All repositories | *Secret* | IP address of license server | 
++-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ +| ``MULTIPR_DEPENDABOT`` | All repositories | Token ``PYANSYS_CI_BOT_TOKEN`` | Token to be passed to bot to allow multiple library updates in one pull request. | ++-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ +| ``PYANSYS_CI_BOT_PACKAGE_TOKEN`` | Private and internal repositories | | Token to publish (write) packages in `ghcr.io `_ registry. | ++-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ +| ``PYANSYS_CI_BOT_TOKEN`` | All repositories | | | ++-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ +| ``PYANSYS_PYPI_PRIVATE_PAT`` | All repositories | | | ++-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ +| ``PYPI_TOKEN`` | All repositories | | | ++-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ +| ``PYPI_TESTING_TOKEN`` | Private and internal repositories | | | 
++-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ +| ``TWINE_TOKEN`` | Private and internal repositories | | | ++-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ + +Dependabot secrets +~~~~~~~~~~~~~~~~~~ + +These secrets in most of the cases a replica of the `Actions secrets`_. + ++-------------------------------------+---------------------------------------------+----------------------------------------+----------------------------------------------+ +| **SECRET** | **Repository access** | **Token** | **Description** | ++=====================================+=============================================+========================================+==============================================+ +| ``BOT_APPLICATION_ID`` | Same as `Actions secrets`_ equivalent | ++-------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------+ +| ``BOT_APPLICATION_PRIVATE_KEY`` | Same as `Actions secrets`_ equivalent | ++-------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------+ +| ``LICENSE_SERVER`` | Same as `Actions secrets`_ equivalent | ++-------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------+ +| ``MULTIPR_DEPENDABOT`` | Same as `Actions secrets`_ equivalent | 
++-------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------+ +| ``PYANSYS_PYPI_PRIVATE_PAT`` | Same as `Actions secrets`_ equivalent | ++-------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------+ + + +.. _organization_tokens: Organization Tokens ------------------- -To facilitate certain taks such as autentication in certain sites, ``Ansys`` and ``Ansys-internal`` organizations provide to the developer with certain tokens or personal access tokens (PATs). These tokens are confidential and for internal use only. -Some of these tokens can be used as GitHub secrets, others might need to be requested to pyansys.core@ansys.com. +To facilitate certain taks such as autentication, ``Ansys`` and ``Ansys-internal`` organizations provide to the developer with certain tokens or personal access tokens (PATs). These tokens are confidential and for internal use only. +Some of these tokens can be used as GitHub secrets, others must be requested to pyansys.core@ansys.com. GithHub tokens ~~~~~~~~~~~~~~ To be used within GitHub. - - - - +----------------------------------------------------------------+----------------------------------------+ -| | **TOKEN NAME** | ``BOT_APPLICATION_ID`` | +| | **TOKEN NAME** | ``PYANSYS_CI_BOT_TOKEN`` | +================================================================+========================================+ | | **Repository access** | Public Repositories (read-only) | +----------------------------------------------------------------+----------------------------------------+ | | **Permissions** | | +----------------------------------------------------------------+----------------------------------------+ -| | **Block another user** | | +| | **Block another user** | No access | | | View and manage users blocked by the user. 
| | +----------------------------------------------------------------+----------------------------------------+ -| | **Codespaces user secrets** | | +| | **Codespaces user secrets** | No access | | | Manage Codespaces user secrets. | | +----------------------------------------------------------------+----------------------------------------+ -| | **Email addresses** | | +| | **Email addresses** | No access | | | Manage a user's email addresses. | | +----------------------------------------------------------------+----------------------------------------+ -| | **Followers** | | +| | **Followers** | No access | | | A user's followers | | +----------------------------------------------------------------+----------------------------------------+ -| | **GPG keys** | | +| | **GPG keys** | No access | | | View and manage a user's GPG keys. | | +----------------------------------------------------------------+----------------------------------------+ -| | **Gists** | | +| | **Gists** | No access | | | Create and modify a user's gists and comments. | | +----------------------------------------------------------------+----------------------------------------+ -| | **Git SSH keys** | | +| | **Git SSH keys** | No access | | | Git SSH keys | | +----------------------------------------------------------------+----------------------------------------+ -| | **Interaction limits** | | +| | **Interaction limits** | No access | | | Interaction limits on repositories | | +----------------------------------------------------------------+----------------------------------------+ -| | **Plan** | | +| | **Plan** | No access | | | View a user's plan. 
| | +----------------------------------------------------------------+----------------------------------------+ -| | **Private repository invitations** | | +| | **Private repository invitations** | No access | | | View a user's invitations to private repositories | | +----------------------------------------------------------------+----------------------------------------+ -| | **Profile** | | +| | **Profile** | No access | | | Manage a user's profile settings. | | +----------------------------------------------------------------+----------------------------------------+ -| | **SSH signing keys** | | +| | **SSH signing keys** | No access | | | View and manage a user's SSH signing keys. | | +----------------------------------------------------------------+----------------------------------------+ -| | **Starring** | | +| | **Starring** | No access | | | List and manage repositories a user is starring. | | +----------------------------------------------------------------+----------------------------------------+ -| | **Watching** | | +| | **Watching** | No access | | | List and change repositories a user is subscribed to. | | +----------------------------------------------------------------+----------------------------------------+ 
@@ -267,3 +309,40 @@ PyPI tokens +Other tokens +~~~~~~~~~~~~ + + +``HUGO_THEME_TOKEN`` +******************** + +This token is used to ... # todo: to be added + + +``TWINE_TOKEN`` +*************** + +This token is used to ... # todo: to be added + + + +.. _organization_bot: + +Organization bot +---------------- + +Because the usage of user personal access tokens (PATs) is discouraged, ``Ansys`` and ``Ansys-internal`` +organizations provide with a bot called ``ansys-bot`` to perform certain tasks which requires autentification, +for example github pages publication or docker image registry login. + +To use the bot for these tasks, you need to use the bot tokens provided through secrets (see :ref:`organization_secrets`). +To get a better overview of the permissions of each token see :ref:`organization_tokens`. + +By default, the bot has access to **all repositories** and has the following permissions: + +* **Read and write** access to **actions, code, packages, and pull requests** +* **Read** access to **metadata and organization secrets** + +Those permissions can be obtained using a temporal token obtained from the ``BOT_APPLICATION_PRIVATE_KEY`` token +and the `peter-murray/workflow-application-token-action `_. +Visit :ref:`deploying_to_another_repo` for a documented example. \ No newline at end of file diff --git a/doc/source/how-to/documenting.rst b/doc/source/how-to/documenting.rst index 6f7f26fc..c71b2356 100644 --- a/doc/source/how-to/documenting.rst +++ b/doc/source/how-to/documenting.rst @@ -575,6 +575,7 @@ in an automated way. cname: ${{ env.DOCUMENTATION_CNAME }} token: ${{ secrets.GITHUB_TOKEN }} +.. _deploying_to_another_repo: Deploying to another repository ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From 3687cfcb7ec7e0a0fc883e749b54a175a1041f40 Mon Sep 17 00:00:00 2001 
From: German Date: Wed, 17 May 2023 13:34:12 +0200 Subject: [PATCH 04/15] Updating table and adding more info about other tokens --- doc/source/how-to/continuous-integration.rst | 197 +++++++++++-------- 1 file changed, 114 insertions(+), 83 deletions(-) diff --git a/doc/source/how-to/continuous-integration.rst b/doc/source/how-to/continuous-integration.rst index f8fbd238..5bb80307 100644 --- a/doc/source/how-to/continuous-integration.rst +++ b/doc/source/how-to/continuous-integration.rst 
@@ -188,38 +188,40 @@ Organization secrets From `GitHub documentation `_ -You can use secrets to pass sensible data such as passwords, token or IPs to your workflows. +You can use ``secrets`` to pass sensible data such as passwords, token or IPs to your workflows. -By default, ``Ansys`` and ``Ansys-internal`` organizations provide certain secrets to help you to automatize/unify certain tasks such as release. +By default, ``Ansys`` and ``Ansys-internal`` organizations provide certain ``secrets`` to help you to automatize/unify certain tasks such as release. Actions secrets ~~~~~~~~~~~~~~~ -+-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ -| **SECRET** | **Repository access** | **Value** | **Description** | -+=====================================+=====================================+======================================+==============================================================================================+ -| ``BOT_APPLICATION_ID`` | All repositories | *Secret* | Username of bot app | -+-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ -| ``BOT_APPLICATION_PRIVATE_KEY`` | All repositories | *Secret* | Bot private key (see :ref:`organization_bot`) | -+-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ -| ``HUGO_THEME_TOKEN`` | All repositories | *Secret* | | -+-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ -| 
``LICENSE_SERVER`` | All repositories | *Secret* | IP address of license server | -+-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ -| ``MULTIPR_DEPENDABOT`` | All repositories | Token ``PYANSYS_CI_BOT_TOKEN`` | Token to be passed to bot to allow multiple library updates in one pull request. | -+-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ -| ``PYANSYS_CI_BOT_PACKAGE_TOKEN`` | Private and internal repositories | | Token to publish (write) packages in `ghcr.io `_ registry. | -+-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ -| ``PYANSYS_CI_BOT_TOKEN`` | All repositories | | | -+-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ -| ``PYANSYS_PYPI_PRIVATE_PAT`` | All repositories | | | -+-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ -| ``PYPI_TOKEN`` | All repositories | | | -+-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ -| ``PYPI_TESTING_TOKEN`` | Private and internal repositories | | | 
-+-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ -| ``TWINE_TOKEN`` | Private and internal repositories | | | -+-------------------------------------+-------------------------------------+--------------------------------------+----------------------------------------------------------------------------------------------+ ++-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ +| **SECRET** | **Repository access** | **Token?** | **Value** | **Description** | ++=====================================+====================================+=======================================+===========================================+==============================================================================================+ +| ``BOT_APPLICATION_ID`` | All repositories | No | *Secret* | Username of bot app | ++-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ +| ``BOT_APPLICATION_PRIVATE_KEY`` | All repositories | No | *Secret* | Bot private key (see :ref:`organization_bot`) | ++-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ +| ``HUGO_THEME_TOKEN`` | All repositories | Yes | *Secret* | | 
++-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ +| ``LICENSE_SERVER`` | All repositories | No | *Secret* | IP address of license server | ++-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ +| ``MULTIPR_DEPENDABOT`` | All repositories | :ref:`Yes (GitHub) ` | Token ``PYANSYS_CI_BOT_TOKEN`` | Bot token to be passed to bot to allow multiple library updates in one pull request. | ++-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ +| ``PYANSYS_CI_BOT_PACKAGE_TOKEN`` | Private and internal repositories | :ref:`Yes (GitHub) ` | Token ``PYANSYS_CI_BOT_PACKAGE_TOKEN`` | Bot token to publish (write) packages in `ghcr.io `_ registry. | ++-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ +| ``PYANSYS_CI_BOT_TOKEN`` | All repositories | :ref:`Yes (GitHub) ` | Token ``PYANSYS_CI_BOT_TOKEN`` | Bot token for general purpose. It has repo read/write permissions and package read. 
| ++-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ +| ``PYANSYS_PYPI_PRIVATE_PAT`` | All repositories | :ref:`Yes (PyPI) ` | Token ``PYANSYS_PYPI_PRIVATE_PAT`` | Token to publish to Ansys private PyPI channel. | ++-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ +| ``PYPI_TOKEN`` | Private and internal repositories | :ref:`Yes (PyPI) ` | **Empty** | This should be overwritten at each repository after first public release. | ++-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ +| ``PYPI_TESTING_TOKEN`` | Private and internal repositories | :ref:`Yes (PyPI) ` | *Secret* | Token for testing publication to PyPI. | ++-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ +| ``TWINE_TOKEN`` | Private and internal repositories | :ref:`Yes (PyPI) ` | **Empty** | This should be overwritten at each repository after first public release. 
| ++-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ + +The values of the ``secrets`` can be obtained by emailing pyansys.maintainers@ansys.com. Dependabot secrets ~~~~~~~~~~~~~~~~~~ 
@@ -243,76 +245,102 @@ These secrets in most of the cases a replica of the `Actions secrets`_. .. _organization_tokens: -Organization Tokens +Organization tokens ------------------- -To facilitate certain taks such as autentication, ``Ansys`` and ``Ansys-internal`` organizations provide to the developer with certain tokens or personal access tokens (PATs). These tokens are confidential and for internal use only. +To facilitate certain taks such as autentication, ``Ansys`` and ``Ansys-internal`` organizations provide to the developer with certain tokens or personal access tokens (PATs). +These tokens are confidential and for internal use only. Some of these tokens can be used as GitHub secrets, others must be requested to pyansys.core@ansys.com. +If needed, the value of the all the tokens can be obtained by emailing pyansys.maintainers@ansys.com. + + +.. _github_tokens: GithHub tokens ~~~~~~~~~~~~~~ -To be used within GitHub. - -+----------------------------------------------------------------+----------------------------------------+ -| | **TOKEN NAME** | ``PYANSYS_CI_BOT_TOKEN`` | -+================================================================+========================================+ -| | **Repository access** | Public Repositories (read-only) | -+----------------------------------------------------------------+----------------------------------------+ -| | **Permissions** | | -+----------------------------------------------------------------+----------------------------------------+ -| | **Block another user** | No access | -| | View and manage users blocked by the user. | | -+----------------------------------------------------------------+----------------------------------------+ -| | **Codespaces user secrets** | No access | -| | Manage Codespaces user secrets. | | -+----------------------------------------------------------------+----------------------------------------+ -| | **Email addresses** | No access | -| | Manage a user's email addresses. 
| | -+----------------------------------------------------------------+----------------------------------------+ -| | **Followers** | No access | -| | A user's followers | | -+----------------------------------------------------------------+----------------------------------------+ -| | **GPG keys** | No access | -| | View and manage a user's GPG keys. | | -+----------------------------------------------------------------+----------------------------------------+ -| | **Gists** | No access | -| | Create and modify a user's gists and comments. | | -+----------------------------------------------------------------+----------------------------------------+ -| | **Git SSH keys** | No access | -| | Git SSH keys | | -+----------------------------------------------------------------+----------------------------------------+ -| | **Interaction limits** | No access | -| | Interaction limits on repositories | | -+----------------------------------------------------------------+----------------------------------------+ -| | **Plan** | No access | -| | View a user's plan. | | -+----------------------------------------------------------------+----------------------------------------+ -| | **Private repository invitations** | No access | -| | View a user's invitations to private repositories | | -+----------------------------------------------------------------+----------------------------------------+ -| | **Profile** | No access | -| | Manage a user's profile settings. | | -+----------------------------------------------------------------+----------------------------------------+ -| | **SSH signing keys** | No access | -| | View and manage a user's SSH signing keys. | | -+----------------------------------------------------------------+----------------------------------------+ -| | **Starring** | No access | -| | List and manage repositories a user is starring. 
| | -+----------------------------------------------------------------+----------------------------------------+ -| | **Watching** | No access | -| | List and change repositories a user is subscribed to. | | -+----------------------------------------------------------------+----------------------------------------+ - +These tokens are meant to be used within GitHub to provide access and permissions to different tasks and repositories. + ++----------------------------------------------------------------+----------------------------------------+----------------------------------------+ +| | **TOKEN NAME** | ``PYANSYS_CI_BOT_TOKEN`` | ``PYANSYS_CI_BOT_PACKAGE_TOKEN`` | ++================================================================+========================================+========================================+ +| | **Repository access** | Public Repositories (read-only) | Public Repositories (read-only) | ++----------------------------------------------------------------+----------------------------------------+----------------------------------------+ +| | **Permissions** | | | ++----------------------------------------------------------------+----------------------------------------+----------------------------------------+ +| | **Block another user** | No access | No access | +| | View and manage users blocked by the user. | | | ++----------------------------------------------------------------+----------------------------------------+----------------------------------------+ +| | **Codespaces user secrets** | No access | No access | +| | Manage Codespaces user secrets. | | | ++----------------------------------------------------------------+----------------------------------------+----------------------------------------+ +| | **Email addresses** | No access | No access | +| | Manage a user's email addresses. 
| | | ++----------------------------------------------------------------+----------------------------------------+----------------------------------------+ +| | **Followers** | No access | No access | +| | A user's followers | | | ++----------------------------------------------------------------+----------------------------------------+----------------------------------------+ +| | **GPG keys** | No access | No access | +| | View and manage a user's GPG keys. | | | ++----------------------------------------------------------------+----------------------------------------+----------------------------------------+ +| | **Gists** | No access | No access | +| | Create and modify a user's gists and comments. | | | ++----------------------------------------------------------------+----------------------------------------+----------------------------------------+ +| | **Git SSH keys** | No access | No access | +| | Git SSH keys | | | ++----------------------------------------------------------------+----------------------------------------+----------------------------------------+ +| | **Interaction limits** | No access | No access | +| | Interaction limits on repositories | | | ++----------------------------------------------------------------+----------------------------------------+----------------------------------------+ +| | **Plan** | No access | No access | +| | View a user's plan. | | | ++----------------------------------------------------------------+----------------------------------------+----------------------------------------+ +| | **Private repository invitations** | No access | No access | +| | View a user's invitations to private repositories | | | ++----------------------------------------------------------------+----------------------------------------+----------------------------------------+ +| | **Profile** | No access | No access | +| | Manage a user's profile settings. 
| | | ++----------------------------------------------------------------+----------------------------------------+----------------------------------------+ +| | **SSH signing keys** | No access | No access | +| | View and manage a user's SSH signing keys. | | | ++----------------------------------------------------------------+----------------------------------------+----------------------------------------+ +| | **Starring** | No access | No access | +| | List and manage repositories a user is starring. | | | ++----------------------------------------------------------------+----------------------------------------+----------------------------------------+ +| | **Watching** | No access | No access | +| | List and change repositories a user is subscribed to. | | | ++----------------------------------------------------------------+----------------------------------------+----------------------------------------+ + +.. _pypi_tokens: PyPI tokens ~~~~~~~~~~~ +.. _pypi_private_token: + +``PYANSYS_PYPI_PRIVATE_PAT`` +**************************** + +Used for autentication when uploading libraries to the private Ansys PyPI index. +It can be used as password for the `twine `_ library. + +.. _pypi_token: + +``PYPI_TOKEN`` +************** + +The value of this token is unique for each repository. +Used for autentication when uploading libraries to the public PyPI index. + + +``PYPI_TESTING_TOKEN`` +********************** + +Used for testing uploads to public PyPI index. Other tokens ~~~~~~~~~~~~ - ``HUGO_THEME_TOKEN`` ******************** @@ -322,7 +350,10 @@ This token is used to ... # todo: to be added ``TWINE_TOKEN`` *************** -This token is used to ... # todo: to be added +This token is used for autentication when uploading libraries to PyPI and its value might change +accross repositories. +Depending if the library is uploaded to a public PyPI index or private, its value will match +:ref:`pypi_private_token` or :ref:`pypi_token`. 
From caa1d1110e9cffae9d71d4b3554d7d2d78bb964c Mon Sep 17 00:00:00 2001 From: German Date: Wed, 17 May 2023 13:36:53 +0200 Subject: [PATCH 05/15] replacing email --- doc/source/how-to/continuous-integration.rst | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/doc/source/how-to/continuous-integration.rst b/doc/source/how-to/continuous-integration.rst index 5bb80307..2266ee2d 100644 --- a/doc/source/how-to/continuous-integration.rst +++ b/doc/source/how-to/continuous-integration.rst @@ -221,7 +221,7 @@ Actions secrets | ``TWINE_TOKEN`` | Private and internal repositories | :ref:`Yes (PyPI) ` | **Empty** | This should be overwritten at each repository after first public release. | +-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ -The values of the ``secrets`` can be obtained by emailing pyansys.maintainers@ansys.com. +The values of the ``secrets`` can be obtained by emailing pyansys.core@ansys.com. Dependabot secrets ~~~~~~~~~~~~~~~~~~ @@ -251,7 +251,6 @@ Organization tokens To facilitate certain taks such as autentication, ``Ansys`` and ``Ansys-internal`` organizations provide to the developer with certain tokens or personal access tokens (PATs). These tokens are confidential and for internal use only. Some of these tokens can be used as GitHub secrets, others must be requested to pyansys.core@ansys.com. -If needed, the value of the all the tokens can be obtained by emailing pyansys.maintainers@ansys.com. .. _github_tokens: From eb0ee11616519461616cbbab5be7475d1b10a20b Mon Sep 17 00:00:00 2001 From: German Date: Wed, 17 May 2023 16:10:41 +0200 Subject: [PATCH 06/15] Fixing vale --- doc/source/how-to/continuous-integration.rst | 18 ++--- doc/styles/Vocab/ANSYS/accept.txt | 79 ++++++++++---------- 2 files changed, 50 insertions(+), 47 deletions(-) 
diff --git a/doc/source/how-to/continuous-integration.rst b/doc/source/how-to/continuous-integration.rst index 2266ee2d..5ebc9153 100644 --- a/doc/source/how-to/continuous-integration.rst +++ b/doc/source/how-to/continuous-integration.rst @@ -188,7 +188,7 @@ Organization secrets From `GitHub documentation `_ -You can use ``secrets`` to pass sensible data such as passwords, token or IPs to your workflows. +You can use ``secrets`` to pass sensible data such as passwords, token or IP addressess to your workflows. By default, ``Ansys`` and ``Ansys-internal`` organizations provide certain ``secrets`` to help you to automatize/unify certain tasks such as release. 
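Review bot: The replacement line still reads "sensible data" where "sensitive data" is meant, and it introduces a new misspelling, "addressess"; "token" should also be plural. Suggest: You can use ``secrets`` to pass sensitive data such as passwords, tokens, or IP addresses to your workflows.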
@@ -210,7 +210,7 @@ Actions secrets +-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ | ``PYANSYS_CI_BOT_PACKAGE_TOKEN`` | Private and internal repositories | :ref:`Yes (GitHub) ` | Token ``PYANSYS_CI_BOT_PACKAGE_TOKEN`` | Bot token to publish (write) packages in `ghcr.io `_ registry. | +-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ -| ``PYANSYS_CI_BOT_TOKEN`` | All repositories | :ref:`Yes (GitHub) ` | Token ``PYANSYS_CI_BOT_TOKEN`` | Bot token for general purpose. It has repo read/write permissions and package read. | +| ``PYANSYS_CI_BOT_TOKEN`` | All repositories | :ref:`Yes (GitHub) ` | Token ``PYANSYS_CI_BOT_TOKEN`` | Bot token for general purpose. It has repository read/write permissions and package read. | +-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ | ``PYANSYS_PYPI_PRIVATE_PAT`` | All repositories | :ref:`Yes (PyPI) ` | Token ``PYANSYS_PYPI_PRIVATE_PAT`` | Token to publish to Ansys private PyPI channel. | +-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ 
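Review bot: The ``PYANSYS_CI_BOT_TOKEN`` description on the changed row says "repository read/write permissions and package read", but the GitHub tokens table added earlier in this series lists the same token with "Public Repositories (read-only)" repository access. A reader choosing a token for a workflow cannot tell which statement holds, so please make the description and the permission table agree. Because the row also marks the token as available to "All repositories", naming exactly which permissions include write access would let maintainers judge where it is appropriate to use.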
@@ -248,15 +248,15 @@ These secrets in most of the cases a replica of the `Actions secrets`_. Organization tokens ------------------- -To facilitate certain taks such as autentication, ``Ansys`` and ``Ansys-internal`` organizations provide to the developer with certain tokens or personal access tokens (PATs). +To facilitate certain tasks such as authentication, ``Ansys`` and ``Ansys-internal`` organizations provide to the developer with certain tokens or personal access tokens (PATs). These tokens are confidential and for internal use only. Some of these tokens can be used as GitHub secrets, others must be requested to pyansys.core@ansys.com. .. _github_tokens: -GithHub tokens -~~~~~~~~~~~~~~ +GitHub tokens +~~~~~~~~~~~~~ These tokens are meant to be used within GitHub to provide access and permissions to different tasks and repositories. +----------------------------------------------------------------+----------------------------------------+----------------------------------------+ @@ -319,7 +319,7 @@ PyPI tokens ``PYANSYS_PYPI_PRIVATE_PAT`` **************************** -Used for autentication when uploading libraries to the private Ansys PyPI index. +Used for authentication when uploading libraries to the private Ansys PyPI index. It can be used as password for the `twine `_ library. .. _pypi_token: @@ -328,7 +328,7 @@ It can be used as password for the `twine Date: Thu, 18 May 2023 17:49:48 +0200 Subject: [PATCH 07/15] Adding different types of tokens --- doc/source/how-to/continuous-integration.rst | 247 +++++++++++++++---- 1 file changed, 198 insertions(+), 49 deletions(-) diff --git a/doc/source/how-to/continuous-integration.rst b/doc/source/how-to/continuous-integration.rst index 5ebc9153..c836e7af 100644 --- a/doc/source/how-to/continuous-integration.rst +++ b/doc/source/how-to/continuous-integration.rst 
@@ -259,55 +259,204 @@ GitHub tokens ~~~~~~~~~~~~~ These tokens are meant to be used within GitHub to provide access and permissions to different tasks and repositories. -+----------------------------------------------------------------+----------------------------------------+----------------------------------------+ -| | **TOKEN NAME** | ``PYANSYS_CI_BOT_TOKEN`` | ``PYANSYS_CI_BOT_PACKAGE_TOKEN`` | -+================================================================+========================================+========================================+ -| | **Repository access** | Public Repositories (read-only) | Public Repositories (read-only) | -+----------------------------------------------------------------+----------------------------------------+----------------------------------------+ -| | **Permissions** | | | -+----------------------------------------------------------------+----------------------------------------+----------------------------------------+ -| | **Block another user** | No access | No access | -| | View and manage users blocked by the user. | | | -+----------------------------------------------------------------+----------------------------------------+----------------------------------------+ -| | **Codespaces user secrets** | No access | No access | -| | Manage Codespaces user secrets. | | | -+----------------------------------------------------------------+----------------------------------------+----------------------------------------+ -| | **Email addresses** | No access | No access | -| | Manage a user's email addresses. 
| | | -+----------------------------------------------------------------+----------------------------------------+----------------------------------------+ -| | **Followers** | No access | No access | -| | A user's followers | | | -+----------------------------------------------------------------+----------------------------------------+----------------------------------------+ -| | **GPG keys** | No access | No access | -| | View and manage a user's GPG keys. | | | -+----------------------------------------------------------------+----------------------------------------+----------------------------------------+ -| | **Gists** | No access | No access | -| | Create and modify a user's gists and comments. | | | -+----------------------------------------------------------------+----------------------------------------+----------------------------------------+ -| | **Git SSH keys** | No access | No access | -| | Git SSH keys | | | -+----------------------------------------------------------------+----------------------------------------+----------------------------------------+ -| | **Interaction limits** | No access | No access | -| | Interaction limits on repositories | | | -+----------------------------------------------------------------+----------------------------------------+----------------------------------------+ -| | **Plan** | No access | No access | -| | View a user's plan. | | | -+----------------------------------------------------------------+----------------------------------------+----------------------------------------+ -| | **Private repository invitations** | No access | No access | -| | View a user's invitations to private repositories | | | -+----------------------------------------------------------------+----------------------------------------+----------------------------------------+ -| | **Profile** | No access | No access | -| | Manage a user's profile settings. 
| | | -+----------------------------------------------------------------+----------------------------------------+----------------------------------------+ -| | **SSH signing keys** | No access | No access | -| | View and manage a user's SSH signing keys. | | | -+----------------------------------------------------------------+----------------------------------------+----------------------------------------+ -| | **Starring** | No access | No access | -| | List and manage repositories a user is starring. | | | -+----------------------------------------------------------------+----------------------------------------+----------------------------------------+ -| | **Watching** | No access | No access | -| | List and change repositories a user is subscribed to. | | | -+----------------------------------------------------------------+----------------------------------------+----------------------------------------+ +Fine-grained tokens +******************* + ++----------------------------------------------------------------+----------------------------------------+ +| | **TOKEN NAME** | ``dependabot-multi-pr`` | ++================================================================+========================================+ +| | **Repository access** | Public Repositories (read-only) | ++----------------------------------------------------------------+----------------------------------------+ +| | **Permissions** | | ++----------------------------------------------------------------+----------------------------------------+ +| | **Block another user** | No access | +| | View and manage users blocked by the user. | | ++----------------------------------------------------------------+----------------------------------------+ +| | **Codespaces user secrets** | No access | +| | Manage Codespaces user secrets. 
| | ++----------------------------------------------------------------+----------------------------------------+ +| | **Email addresses** | No access | +| | Manage a user's email addresses. | | ++----------------------------------------------------------------+----------------------------------------+ +| | **Followers** | No access | +| | A user's followers | | ++----------------------------------------------------------------+----------------------------------------+ +| | **GPG keys** | No access | +| | View and manage a user's GPG keys. | | ++----------------------------------------------------------------+----------------------------------------+ +| | **Gists** | No access | +| | Create and modify a user's gists and comments. | | ++----------------------------------------------------------------+----------------------------------------+ +| | **Git SSH keys** | No access | +| | Git SSH keys | | ++----------------------------------------------------------------+----------------------------------------+ +| | **Interaction limits** | No access | +| | Interaction limits on repositories | | ++----------------------------------------------------------------+----------------------------------------+ +| | **Plan** | No access | +| | View a user's plan. | | ++----------------------------------------------------------------+----------------------------------------+ +| | **Private repository invitations** | No access | +| | View a user's invitations to private repositories | | ++----------------------------------------------------------------+----------------------------------------+ +| | **Profile** | No access | +| | Manage a user's profile settings. | | ++----------------------------------------------------------------+----------------------------------------+ +| | **SSH signing keys** | No access | +| | View and manage a user's SSH signing keys. 
| | ++----------------------------------------------------------------+----------------------------------------+ +| | **Starring** | No access | +| | List and manage repositories a user is starring. | | ++----------------------------------------------------------------+----------------------------------------+ +| | **Watching** | No access | +| | List and change repositories a user is subscribed to. | | ++----------------------------------------------------------------+----------------------------------------+ + +Classic tokens +************** + + ++-------------------------------------------------------------------------------------+-----------------+ +| **Permission** | **Status** | ++=====================================================================================+=================+ +| **repo** | | +| Full control of private repositories | | ++-------------------------------------------------------------------------------------+-----------------+ +| | repo:status | | +| | Access commit status | | ++-------------------------------------------------------------------------------------+-----------------+ +| | repo_deployment | | +| | Access deployment status | | ++-------------------------------------------------------------------------------------+-----------------+ +| | public_repo | | +| | Access public repositories | | ++-------------------------------------------------------------------------------------+-----------------+ +| | repo:invite | | +| | Access repository invitations | | ++-------------------------------------------------------------------------------------+-----------------+ +| | security_events | | +| | Read and write security events | | ++-------------------------------------------------------------------------------------+-----------------+ +| **workflow** | | +| Update GitHub Action workflows | | ++-------------------------------------------------------------------------------------+-----------------+ +| **write:packages** | | +| Upload 
packages to GitHub Package Registry | | ++-------------------f------------------------------------------------------------------+-----------------+ +| |_| read:packages | | +| |_| Download packages from GitHub Package Registry | | ++-------------------------------------------------------------------------------------+-----------------+ +| **delete:packages** | | +| Delete packages from GitHub Package Registry | | ++-------------------------------------------------------------------------------------+-----------------+ +| **admin:org** | | +| Full control of orgs and teams, read and write org projects | | ++-------------------------------------------------------------------------------------+-----------------+ +| | write:org | | +| | Read and write org and team membership, read and write org projects | | ++-------------------------------------------------------------------------------------+-----------------+ +| | read:org | | +| | Read org and team membership, read org projects | | ++-------------------------------------------------------------------------------------+-----------------+ +| | manage_runners:org | | +| | Manage org runners and runner groups | | ++-------------------------------------------------------------------------------------+-----------------+ +| | admin:public_key | | +| | Full control of user public keys | | ++-------------------------------------------------------------------------------------+-----------------+ +| | write:public_key | | +| | Write user public keys | | ++-------------------------------------------------------------------------------------+-----------------+ +| | read:public_key | | +| | Read user public keys | | ++-------------------------------------------------------------------------------------+-----------------+ +| | admin:repo_hook | | +| | Full control of repository hooks | | ++-------------------------------------------------------------------------------------+-----------------+ +| | write:repo_hook | | +| | Write 
repository hooks | | ++-------------------------------------------------------------------------------------+-----------------+ +| | read:repo_hook | | +| | Read repository hooks | | ++-------------------------------------------------------------------------------------+-----------------+ +| | admin:org_hook | | +| | Full control of organization hooks | | ++-------------------------------------------------------------------------------------+-----------------+ +| | gist | | +| | Create gists | | ++-------------------------------------------------------------------------------------+-----------------+ +| | notifications | | +| | Access notifications | | ++-------------------------------------------------------------------------------------+-----------------+ +| | user | | +| | Update ALL user data | | ++-------------------------------------------------------------------------------------+-----------------+ +| | read:user | | +| | Read ALL user profile data | | ++-------------------------------------------------------------------------------------+-----------------+ +| | user:email | | +| | Access user email addresses (read-only) | | ++-------------------------------------------------------------------------------------+-----------------+ +| | user:follow | | +| | Follow and unfollow users | | ++-------------------------------------------------------------------------------------+-----------------+ +| | delete_repo | | +| | Delete repositories | | ++-------------------------------------------------------------------------------------+-----------------+ +| | write:discussion | | +| | Read and write team discussions | | ++-------------------------------------------------------------------------------------+-----------------+ +| | read:discussion | | +| | Read team discussions | | ++-------------------------------------------------------------------------------------+-----------------+ +| | admin:enterprise | | +| | Full control of enterprises | | 
++-------------------------------------------------------------------------------------+-----------------+ +| | manage_runners:enterprise | | +| | Manage enterprise runners and runner groups | | ++-------------------------------------------------------------------------------------+-----------------+ +| | manage_billing:enterprise | | +| | Read and write enterprise billing data | | ++-------------------------------------------------------------------------------------+-----------------+ +| | read:enterprise | | +| | Read enterprise profile data | | ++-------------------------------------------------------------------------------------+-----------------+ +| | audit_log | | +| | Full control of audit log | | ++-------------------------------------------------------------------------------------+-----------------+ +| | read:audit_log | | +| | Read access of audit log | | ++-------------------------------------------------------------------------------------+-----------------+ +| | codespace | | +| | Full control of codespaces | | ++-------------------------------------------------------------------------------------+-----------------+ +| | codespace:secrets | | +| | Ability to create, read, update, and delete codespace secrets | | ++-------------------------------------------------------------------------------------+-----------------+ +| | project | | +| | Full control of projects | | ++-------------------------------------------------------------------------------------+-----------------+ +| | read:project | | +| | Read access of projects | | ++-------------------------------------------------------------------------------------+-----------------+ +| | admin:gpg_key | | +| | Full control of public user GPG keys | | ++-------------------------------------------------------------------------------------+-----------------+ +| | write:gpg_key | | +| | Write public user GPG keys | | 
++-------------------------------------------------------------------------------------+-----------------+ +| | read:gpg_key | | +| | Read public user GPG keys | | ++-------------------------------------------------------------------------------------+-----------------+ +| | admin:ssh_signing_key | | +| | Full control of public user SSH signing keys | | ++-------------------------------------------------------------------------------------+-----------------+ +| | write:ssh_signing_key | | +| | Write public user SSH signing keys | | ++-------------------------------------------------------------------------------------+-----------------+ +| | read:ssh_signing_key | | +| | Read public user SSH signing keys | | ++-------------------------------------------------------------------------------------+-----------------+ .. _pypi_tokens: From 0335c177e0179f14e980c3ab68cc244b521d78ff Mon Sep 17 00:00:00 2001 From: German Date: Thu, 18 May 2023 18:15:48 +0200 Subject: [PATCH 08/15] adding emojis --- doc/source/how-to/continuous-integration.rst | 286 ++++++++++--------- requirements/requirements_doc.txt | 3 +- 2 files changed, 146 insertions(+), 143 deletions(-) diff --git a/doc/source/how-to/continuous-integration.rst b/doc/source/how-to/continuous-integration.rst index c836e7af..0e86031f 100644 --- a/doc/source/how-to/continuous-integration.rst +++ b/doc/source/how-to/continuous-integration.rst 
@@ -315,148 +315,150 @@ Fine-grained tokens Classic tokens ************** - -+-------------------------------------------------------------------------------------+-----------------+ -| **Permission** | **Status** | -+=====================================================================================+=================+ -| **repo** | | -| Full control of private repositories | | -+-------------------------------------------------------------------------------------+-----------------+ -| | repo:status | | -| | Access commit status | | -+-------------------------------------------------------------------------------------+-----------------+ -| | repo_deployment | | -| | Access deployment status | | -+-------------------------------------------------------------------------------------+-----------------+ -| | public_repo | | -| | Access public repositories | | -+-------------------------------------------------------------------------------------+-----------------+ -| | repo:invite | | -| | Access repository invitations | | -+-------------------------------------------------------------------------------------+-----------------+ -| | security_events | | -| | Read and write security events | | -+-------------------------------------------------------------------------------------+-----------------+ -| **workflow** | | -| Update GitHub Action workflows | | -+-------------------------------------------------------------------------------------+-----------------+ -| **write:packages** | | -| Upload packages to GitHub Package Registry | | -+-------------------f------------------------------------------------------------------+-----------------+ -| |_| read:packages | | -| |_| Download packages from GitHub Package Registry | | -+-------------------------------------------------------------------------------------+-----------------+ -| **delete:packages** | | -| Delete packages from GitHub Package Registry | | 
-+-------------------------------------------------------------------------------------+-----------------+ -| **admin:org** | | -| Full control of orgs and teams, read and write org projects | | -+-------------------------------------------------------------------------------------+-----------------+ -| | write:org | | -| | Read and write org and team membership, read and write org projects | | -+-------------------------------------------------------------------------------------+-----------------+ -| | read:org | | -| | Read org and team membership, read org projects | | -+-------------------------------------------------------------------------------------+-----------------+ -| | manage_runners:org | | -| | Manage org runners and runner groups | | -+-------------------------------------------------------------------------------------+-----------------+ -| | admin:public_key | | -| | Full control of user public keys | | -+-------------------------------------------------------------------------------------+-----------------+ -| | write:public_key | | -| | Write user public keys | | -+-------------------------------------------------------------------------------------+-----------------+ -| | read:public_key | | -| | Read user public keys | | -+-------------------------------------------------------------------------------------+-----------------+ -| | admin:repo_hook | | -| | Full control of repository hooks | | -+-------------------------------------------------------------------------------------+-----------------+ -| | write:repo_hook | | -| | Write repository hooks | | -+-------------------------------------------------------------------------------------+-----------------+ -| | read:repo_hook | | -| | Read repository hooks | | -+-------------------------------------------------------------------------------------+-----------------+ -| | admin:org_hook | | -| | Full control of organization hooks | | 
-+-------------------------------------------------------------------------------------+-----------------+ -| | gist | | -| | Create gists | | -+-------------------------------------------------------------------------------------+-----------------+ -| | notifications | | -| | Access notifications | | -+-------------------------------------------------------------------------------------+-----------------+ -| | user | | -| | Update ALL user data | | -+-------------------------------------------------------------------------------------+-----------------+ -| | read:user | | -| | Read ALL user profile data | | -+-------------------------------------------------------------------------------------+-----------------+ -| | user:email | | -| | Access user email addresses (read-only) | | -+-------------------------------------------------------------------------------------+-----------------+ -| | user:follow | | -| | Follow and unfollow users | | -+-------------------------------------------------------------------------------------+-----------------+ -| | delete_repo | | -| | Delete repositories | | -+-------------------------------------------------------------------------------------+-----------------+ -| | write:discussion | | -| | Read and write team discussions | | -+-------------------------------------------------------------------------------------+-----------------+ -| | read:discussion | | -| | Read team discussions | | -+-------------------------------------------------------------------------------------+-----------------+ -| | admin:enterprise | | -| | Full control of enterprises | | -+-------------------------------------------------------------------------------------+-----------------+ -| | manage_runners:enterprise | | -| | Manage enterprise runners and runner groups | | -+-------------------------------------------------------------------------------------+-----------------+ -| | manage_billing:enterprise | | -| | Read and write enterprise billing data 
| | -+-------------------------------------------------------------------------------------+-----------------+ -| | read:enterprise | | -| | Read enterprise profile data | | -+-------------------------------------------------------------------------------------+-----------------+ -| | audit_log | | -| | Full control of audit log | | -+-------------------------------------------------------------------------------------+-----------------+ -| | read:audit_log | | -| | Read access of audit log | | -+-------------------------------------------------------------------------------------+-----------------+ -| | codespace | | -| | Full control of codespaces | | -+-------------------------------------------------------------------------------------+-----------------+ -| | codespace:secrets | | -| | Ability to create, read, update, and delete codespace secrets | | -+-------------------------------------------------------------------------------------+-----------------+ -| | project | | -| | Full control of projects | | -+-------------------------------------------------------------------------------------+-----------------+ -| | read:project | | -| | Read access of projects | | -+-------------------------------------------------------------------------------------+-----------------+ -| | admin:gpg_key | | -| | Full control of public user GPG keys | | -+-------------------------------------------------------------------------------------+-----------------+ -| | write:gpg_key | | -| | Write public user GPG keys | | -+-------------------------------------------------------------------------------------+-----------------+ -| | read:gpg_key | | -| | Read public user GPG keys | | -+-------------------------------------------------------------------------------------+-----------------+ -| | admin:ssh_signing_key | | -| | Full control of public user SSH signing keys | | -+-------------------------------------------------------------------------------------+-----------------+ -| | 
write:ssh_signing_key | | -| | Write public user SSH signing keys | | -+-------------------------------------------------------------------------------------+-----------------+ -| | read:ssh_signing_key | | -| | Read public user SSH signing keys | | -+-------------------------------------------------------------------------------------+-----------------+ +.. table:: + :class: longtable + + +-------------------------------------------------------------------------------------+------------------------+ + | **Permission** | **Status** | + +=====================================================================================+========================+ + | **repo** | |:heavy_check_mark:| | + | Full control of private repositories | | + +-------------------------------------------------------------------------------------+------------------------+ + | **repo:status** | |:x:| | + | Access commit status | | + +-------------------------------------------------------------------------------------+------------------------+ + | **repo_deployment** | |:x:| | + | Access deployment status | | + +-------------------------------------------------------------------------------------+------------------------+ + | **public_repo** | |:x:| | + | Access public repositories | | + +-------------------------------------------------------------------------------------+------------------------+ + | **repo:invite** | |:x:| | + | Access repository invitations | | + +-------------------------------------------------------------------------------------+------------------------+ + | **security_events** | |:x:| | + | Read and write security events | | + +-------------------------------------------------------------------------------------+------------------------+ + | **workflow** | |:x:| | + | Update GitHub Action workflows | | + +-------------------------------------------------------------------------------------+------------------------+ + | **write:packages** | |:x:| | + | Upload packages to 
GitHub Package Registry | | + +-------------------------------------------------------------------------------------+------------------------+ + | **read:packages** | |:x:| | + | Download packages from GitHub Package Registry | | + +-------------------------------------------------------------------------------------+------------------------+ + | **delete:packages** | |:x:| | + | Delete packages from GitHub Package Registry | | + +-------------------------------------------------------------------------------------+------------------------+ + | **admin:org** | |:x:| | + | Full control of orgs and teams, read and write org projects | | + +-------------------------------------------------------------------------------------+------------------------+ + | **write:org** | |:x:| | + | Read and write org and team membership, read and write org projects | | + +-------------------------------------------------------------------------------------+------------------------+ + | **read:org** | |:x:| | + | Read org and team membership, read org projects | | + +-------------------------------------------------------------------------------------+------------------------+ + | **manage_runners:org** | |:x:| | + | Manage org runners and runner groups | | + +-------------------------------------------------------------------------------------+------------------------+ + | **admin:public_key** | |:x:| | + | Full control of user public keys | | + +-------------------------------------------------------------------------------------+------------------------+ + | **write:public_key** | |:x:| | + | Write user public keys | | + +-------------------------------------------------------------------------------------+------------------------+ + | **read:public_key** | |:x:| | + | Read user public keys | | + +-------------------------------------------------------------------------------------+------------------------+ + | **admin:repo_hook** | |:x:| | + | Full control of repository hooks | | + 
+-------------------------------------------------------------------------------------+------------------------+ + | **write:repo_hook** | |:x:| | + | Write repository hooks | | + +-------------------------------------------------------------------------------------+------------------------+ + | **read:repo_hook** | |:x:| | + | Read repository hooks | | + +-------------------------------------------------------------------------------------+------------------------+ + | **admin:org_hook** | |:x:| | + | Full control of organization hooks | | + +-------------------------------------------------------------------------------------+------------------------+ + | **gist** | |:x:| | + | Create gists | | + +-------------------------------------------------------------------------------------+------------------------+ + | **notifications** | |:x:| | + | Access notifications | | + +-------------------------------------------------------------------------------------+------------------------+ + | **user** | |:x:| | + | Update ALL user data | | + +-------------------------------------------------------------------------------------+------------------------+ + | **read:user** | |:x:| | + | Read ALL user profile data | | + +-------------------------------------------------------------------------------------+------------------------+ + | **user:email** | |:x:| | + | Access user email addresses (read-only) | | + +-------------------------------------------------------------------------------------+------------------------+ + | **user:follow** | |:x:| | + | Follow and unfollow users | | + +-------------------------------------------------------------------------------------+------------------------+ + | **delete_repo** | |:x:| | + | Delete repositories | | + +-------------------------------------------------------------------------------------+------------------------+ + | **write:discussion** | |:x:| | + | Read and write team discussions | | + 
+-------------------------------------------------------------------------------------+------------------------+ + | **read:discussion** | |:x:| | + | Read team discussions | | + +-------------------------------------------------------------------------------------+------------------------+ + | **admin:enterprise** | |:x:| | + | Full control of enterprises | | + +-------------------------------------------------------------------------------------+------------------------+ + | **manage_runners:enterprise** | |:x:| | + | Manage enterprise runners and runner groups | | + +-------------------------------------------------------------------------------------+------------------------+ + | **manage_billing:enterprise** | |:x:| | + | Read and write enterprise billing data | | + +-------------------------------------------------------------------------------------+------------------------+ + | **read:enterprise** | |:x:| | + | Read enterprise profile data | | + +-------------------------------------------------------------------------------------+------------------------+ + | **audit_log** | |:x:| | + | Full control of audit log | | + +-------------------------------------------------------------------------------------+------------------------+ + | **read:audit_log** | |:x:| | + | Read access of audit log | | + +-------------------------------------------------------------------------------------+------------------------+ + | **codespace** | |:x:| | + | Full control of codespaces | | + +-------------------------------------------------------------------------------------+------------------------+ + | **codespace:secrets** | |:x:| | + | Ability to create, read, update, and delete codespace secrets | | + +-------------------------------------------------------------------------------------+------------------------+ + | **project** | |:x:| | + | Full control of projects | | + 
+-------------------------------------------------------------------------------------+------------------------+ + | **read:project** | |:x:| | + | Read access of projects | | + +-------------------------------------------------------------------------------------+------------------------+ + | **admin:gpg_key** | |:x:| | + | Full control of public user GPG keys | | + +-------------------------------------------------------------------------------------+------------------------+ + | **write:gpg_key** | |:x:| | + | Write public user GPG keys | | + +-------------------------------------------------------------------------------------+------------------------+ + | **read:gpg_key** | |:x:| | + | Read public user GPG keys | | + +-------------------------------------------------------------------------------------+------------------------+ + | **admin:ssh_signing_key** | |:x:| | + | Full control of public user SSH signing keys | | + +-------------------------------------------------------------------------------------+------------------------+ + | **write:ssh_signing_key** | |:x:| | + | Write public user SSH signing keys | | + +-------------------------------------------------------------------------------------+------------------------+ + | **read:ssh_signing_key** | |:x:| | + | Read public user SSH signing keys | | + +-------------------------------------------------------------------------------------+------------------------+ .. _pypi_tokens: diff --git a/requirements/requirements_doc.txt b/requirements/requirements_doc.txt index 352d0e6a..58e7a1d9 100644 --- a/requirements/requirements_doc.txt +++ b/requirements/requirements_doc.txt @@ -6,4 +6,5 @@ sphinx_design==0.4.1 sphinxcontrib-mermaid>=0.7.1 sphinx-gallery==0.13.0 Pillow>=9.0 -pyvista==0.39.1 \ No newline at end of file +pyvista==0.39.1 +sphinxemoji==0.2.0 \ No newline at end of file From 547bf4eccf726db4ca3670ad605d6691581e2601 Mon Sep 17 00:00:00 2001 
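Review bot: in the new Classic tokens table (the ``@@ -315,148 +315,150 @@`` hunk), **repo** is marked ``|:heavy_check_mark:|`` while **repo:status**, **repo_deployment**, **public_repo**, **repo:invite** and **security_events** are marked ``|:x:|``, but on a classic token the ``repo`` scope already includes those sub-scopes, so the table understates what the token can do. The removed table at least indented ``repo:status`` and the others under **repo**; the new one bolds every scope at the same level and drops that hint. Suggest marking the implied child scopes as granted, or adding one sentence under the table saying that a checked parent scope covers its children, so that someone assessing the impact of a leaked token does not read the ``|:x:|`` rows as denied.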
From: German Date: Thu, 18 May 2023 18:17:44 +0200 Subject: [PATCH 09/15] Using pre-commit --- doc/source/how-to/continuous-integration.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/source/how-to/continuous-integration.rst b/doc/source/how-to/continuous-integration.rst index 0e86031f..e19a93d4 100644 --- a/doc/source/how-to/continuous-integration.rst +++ b/doc/source/how-to/continuous-integration.rst @@ -188,9 +188,9 @@ Organization secrets From `GitHub documentation `_ -You can use ``secrets`` to pass sensible data such as passwords, token or IP addressess to your workflows. +You can use ``secrets`` to pass sensible data such as passwords, token or IP addresses to your workflows. -By default, ``Ansys`` and ``Ansys-internal`` organizations provide certain ``secrets`` to help you to automatize/unify certain tasks such as release. +By default, ``Ansys`` and ``Ansys-internal`` organizations provide certain ``secrets`` to help you to automate/unify certain tasks such as release. Actions secrets ~~~~~~~~~~~~~~~ @@ -501,7 +501,7 @@ This token is used to ... # todo: to be added *************** This token is used for authentication when uploading libraries to PyPI and its value might change -accross repositories. +across repositories. Depending if the library is uploaded to a public PyPI index or private, its value matches :ref:`pypi_private_token` or :ref:`pypi_token`. From 4b5c5b7a4169e66ba43ecd1380ca76d4d7678c73 Mon Sep 17 00:00:00 2001 From: German <28149841+germa89@users.noreply.github.com> Date: Tue, 13 Jun 2023 12:03:44 +0200 Subject: [PATCH 10/15] Apply some suggestions from code review Co-authored-by: Kathy Pippert <84872299+PipKat@users.noreply.github.com> --- doc/source/how-to/continuous-integration.rst | 61 ++++++++++---------- doc/styles/Vocab/ANSYS/accept.txt | 9 +++ 2 files changed, 39 insertions(+), 31 deletions(-) 
diff --git a/doc/source/how-to/continuous-integration.rst b/doc/source/how-to/continuous-integration.rst index e19a93d4..470e4401 100644 --- a/doc/source/how-to/continuous-integration.rst +++ b/doc/source/how-to/continuous-integration.rst 
@@ -183,20 +183,18 @@ Workflow examples are provided for checking :ref:`Coding style`, Organization secrets -------------------- - Secrets are encrypted variables that you create in an organization, repository, or repository environment. The secrets that you create are available to use in GitHub Actions workflows. +According to `Encrypted secrets `_ in the GitHub Docs, "Secrets are encrypted variables that you create in an organization, repository, or repository environment. The secrets that you create are available to use in GitHub Actions workflows." - From `GitHub documentation `_ +You can use secrets to pass sensible data such as passwords, tokens, or IP addresses to your workflows. +The ``Ansys`` and ``Ansys-internal`` organizations provide certain secrets by default to +help you to automate or unify certain tasks, such as releasing a package. -You can use ``secrets`` to pass sensible data such as passwords, token or IP addresses to your workflows. - -By default, ``Ansys`` and ``Ansys-internal`` organizations provide certain ``secrets`` to help you to automate/unify certain tasks such as release. 
- -Actions secrets -~~~~~~~~~~~~~~~ +Secrets for GitHub Actions +~~~~~~~~~~~~~~~~~~~~~~~~~~ +-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ -| **SECRET** | **Repository access** | **Token?** | **Value** | **Description** | +| **Secret** | **Repository access** | **Token** | **Value** | **Description** | +=====================================+====================================+=======================================+===========================================+==============================================================================================+ | ``BOT_APPLICATION_ID`` | All repositories | No | *Secret* | Username of bot app | +-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ 
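Review bot: the added sentence "You can use secrets to pass sensible data such as passwords, tokens, or IP addresses to your workflows." still says "sensible" where "sensitive" is meant. The earlier "Using pre-commit" patch corrected "addressess" on this same line and left the word alone because it is a valid word, so it needs a manual fix here.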
@@ -206,32 +204,32 @@ Actions secrets +-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ | ``LICENSE_SERVER`` | All repositories | No | *Secret* | IP address of license server | +-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ -| ``MULTIPR_DEPENDABOT`` | All repositories | :ref:`Yes (GitHub) ` | Token ``PYANSYS_CI_BOT_TOKEN`` | Bot token to be passed to bot to allow multiple library updates in one pull request. | +| ``MULTIPR_DEPENDABOT`` | All repositories | :ref:`Yes (GitHub) ` | Token ``PYANSYS_CI_BOT_TOKEN`` | Bot token to pass to bot to allow multiple library updates in one pull request. | +-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ | ``PYANSYS_CI_BOT_PACKAGE_TOKEN`` | Private and internal repositories | :ref:`Yes (GitHub) ` | Token ``PYANSYS_CI_BOT_PACKAGE_TOKEN`` | Bot token to publish (write) packages in `ghcr.io `_ registry. | +-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ -| ``PYANSYS_CI_BOT_TOKEN`` | All repositories | :ref:`Yes (GitHub) ` | Token ``PYANSYS_CI_BOT_TOKEN`` | Bot token for general purpose. It has repository read/write permissions and package read. 
| +| ``PYANSYS_CI_BOT_TOKEN`` | All repositories | :ref:`Yes (GitHub) ` | Token ``PYANSYS_CI_BOT_TOKEN`` | Bot token for general purpose. It has repository read/write permissions and package read permission. | +-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ | ``PYANSYS_PYPI_PRIVATE_PAT`` | All repositories | :ref:`Yes (PyPI) ` | Token ``PYANSYS_PYPI_PRIVATE_PAT`` | Token to publish to Ansys private PyPI channel. | +-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ -| ``PYPI_TOKEN`` | Private and internal repositories | :ref:`Yes (PyPI) ` | **Empty** | This should be overwritten at each repository after first public release. | +| ``PYPI_TOKEN`` | Private and internal repositories | :ref:`Yes (PyPI) ` | **Empty** | This token should be overwritten in each repository after the first public release. | +-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ | ``PYPI_TESTING_TOKEN`` | Private and internal repositories | :ref:`Yes (PyPI) ` | *Secret* | Token for testing publication to PyPI. 
| +-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ -| ``TWINE_TOKEN`` | Private and internal repositories | :ref:`Yes (PyPI) ` | **Empty** | This should be overwritten at each repository after first public release. | +| ``TWINE_TOKEN`` | Private and internal repositories | :ref:`Yes (PyPI) ` | **Empty** | This should be overwritten in each repository after the first public release. | +-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ -The values of the ``secrets`` can be obtained by emailing pyansys.core@ansys.com. +To obtain the values of secrets, email `pyansys.core@ansys.com `_. Dependabot secrets ~~~~~~~~~~~~~~~~~~ -These secrets in most of the cases a replica of the `Actions secrets`_. +Dependabot secrets are generally replicas of the `Secrets for GitHub Actions`_. 
+-------------------------------------+---------------------------------------------+----------------------------------------+----------------------------------------------+ -| **SECRET** | **Repository access** | **Token** | **Description** | +| **Secret** | **Repository access** | **Token** | **Description** | +=====================================+=============================================+========================================+==============================================+ -| ``BOT_APPLICATION_ID`` | Same as `Actions secrets`_ equivalent | +| ``BOT_APPLICATION_ID`` | `Secrets for GitHub Actions`_ equivalent | +-------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------+ | ``BOT_APPLICATION_PRIVATE_KEY`` | Same as `Actions secrets`_ equivalent | +-------------------------------------+-------------------------------------------------------------------------------------------------------------------------------------+ 
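Review bot: only the ``BOT_APPLICATION_ID`` row of the Dependabot table was switched to `Secrets for GitHub Actions`_; the unchanged ``BOT_APPLICATION_PRIVATE_KEY`` row right below still reads "Same as `Actions secrets`_ equivalent". This patch renames that section title to "Secrets for GitHub Actions", so the old reference no longer matches a section title and should be updated in the same commit, along with any other rows of this table that still use it. The changed row also dropped "Same as", so the rows now read differently; pick one wording for all of them.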
@@ -248,16 +246,17 @@ These secrets in most of the cases a replica of the `Actions secrets`_. Organization tokens ------------------- -To facilitate certain tasks such as authentication, ``Ansys`` and ``Ansys-internal`` organizations provide to the developer with certain tokens or personal access tokens (PATs). +To facilitate certain tasks such as authentication, the ``Ansys`` and ``Ansys-internal`` organizations provide developers with certain tokens or personal access tokens (PATs). These tokens are confidential and for internal use only. -Some of these tokens can be used as GitHub secrets, others must be requested to pyansys.core@ansys.com. +Some of these tokens can be used as GitHub Actions secrets. Others must be requested +by emailing `pyansys.core@ansys.com `_. .. _github_tokens: -GitHub tokens -~~~~~~~~~~~~~ -These tokens are meant to be used within GitHub to provide access and permissions to different tasks and repositories. +GitHub Actions tokens +~~~~~~~~~~~~~~~~~~~~~ +GitHub tokens are used within GitHub to provide access and permissions to different tasks and repositories. Fine-grained tokens ******************* 
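Review bot: the heading becomes "GitHub Actions tokens", but the sentence added directly under it says "GitHub tokens are used within GitHub to provide access and permissions to different tasks and repositories", and the label stays ``.. _github_tokens:``. The subsections that follow (fine-grained and classic tokens) describe GitHub access tokens rather than anything specific to Actions, so either keep the title "GitHub tokens" or reword the sentence so the title and the body agree.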
@@ -265,12 +264,12 @@ Fine-grained tokens +----------------------------------------------------------------+----------------------------------------+ | | **TOKEN NAME** | ``dependabot-multi-pr`` | +================================================================+========================================+ -| | **Repository access** | Public Repositories (read-only) | +| | **Repository access** | Public repositories (read-only) | +----------------------------------------------------------------+----------------------------------------+ | | **Permissions** | | +----------------------------------------------------------------+----------------------------------------+ | | **Block another user** | No access | -| | View and manage users blocked by the user. | | +| | View and manage users who you've blocked. | | +----------------------------------------------------------------+----------------------------------------+ | | **Codespaces user secrets** | No access | | | Manage Codespaces user secrets. | | @@ -279,7 +278,7 @@ Fine-grained tokens | | Manage a user's email addresses. | | +----------------------------------------------------------------+----------------------------------------+ | | **Followers** | No access | -| | A user's followers | | +| | A user's followers. | | +----------------------------------------------------------------+----------------------------------------+ | | **GPG keys** | No access | | | View and manage a user's GPG keys. | | 
@@ -288,16 +287,16 @@ Fine-grained tokens | | Create and modify a user's gists and comments. | | +----------------------------------------------------------------+----------------------------------------+ | | **Git SSH keys** | No access | -| | Git SSH keys | | +| | Git SSH keys. | | +----------------------------------------------------------------+----------------------------------------+ | | **Interaction limits** | No access | -| | Interaction limits on repositories | | +| | Interaction limits on repositories. | | +----------------------------------------------------------------+----------------------------------------+ | | **Plan** | No access | | | View a user's plan. | | +----------------------------------------------------------------+----------------------------------------+ | | **Private repository invitations** | No access | -| | View a user's invitations to private repositories | | +| | View a user's invitations to private repositories. | | +----------------------------------------------------------------+----------------------------------------+ | | **Profile** | No access | | | Manage a user's profile settings. | | 
@@ -322,13 +321,13 @@ Classic tokens | **Permission** | **Status** | +=====================================================================================+========================+ | **repo** | |:heavy_check_mark:| | - | Full control of private repositories | | + | Full control of private repositories. | | +-------------------------------------------------------------------------------------+------------------------+ | **repo:status** | |:x:| | - | Access commit status | | + | Access commit status. | | +-------------------------------------------------------------------------------------+------------------------+ | **repo_deployment** | |:x:| | - | Access deployment status | | + | Access deployment status. | | +-------------------------------------------------------------------------------------+------------------------+ | **public_repo** | |:x:| | | Access public repositories | | diff --git a/doc/styles/Vocab/ANSYS/accept.txt b/doc/styles/Vocab/ANSYS/accept.txt index fa7a3c24..d11c360f 100644 --- a/doc/styles/Vocab/ANSYS/accept.txt +++ b/doc/styles/Vocab/ANSYS/accept.txt @@ -89,3 +89,12 @@ unittest unvalidated venv worktree +Gists +repo +repo_deployment +public_repo +security_events +orgs +unfollow +delete_repo +audit_log From c87ff1a25afc1275addd065a36038d9081d62dcd Mon Sep 17 00:00:00 2001 From: German <28149841+germa89@users.noreply.github.com> Date: Tue, 13 Jun 2023 12:08:14 +0200 Subject: [PATCH 11/15] Apply one suggestion from code review --- doc/source/how-to/continuous-integration.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/source/how-to/continuous-integration.rst b/doc/source/how-to/continuous-integration.rst index 470e4401..9ea23eb1 100644 --- a/doc/source/how-to/continuous-integration.rst +++ b/doc/source/how-to/continuous-integration.rst 
@@ -390,7 +390,7 @@ Classic tokens | Access notifications | | +-------------------------------------------------------------------------------------+------------------------+ | **user** | |:x:| | - | Update ALL user data | | + | Update **all** user data. | | +-------------------------------------------------------------------------------------+------------------------+ | **read:user** | |:x:| | | Read ALL user profile data | | From 6b8e20825edf1696df87e0b1a1c7ea131e6fd4ce Mon Sep 17 00:00:00 2001 From: German <28149841+germa89@users.noreply.github.com> Date: Tue, 13 Jun 2023 12:11:12 +0200 Subject: [PATCH 12/15] Apply suggestions from code review Co-authored-by: Kathy Pippert <84872299+PipKat@users.noreply.github.com> --- doc/source/how-to/continuous-integration.rst | 39 +++++++++++--------- 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/doc/source/how-to/continuous-integration.rst b/doc/source/how-to/continuous-integration.rst index 9ea23eb1..77efd615 100644 --- a/doc/source/how-to/continuous-integration.rst +++ b/doc/source/how-to/continuous-integration.rst 
@@ -469,22 +469,23 @@ PyPI tokens ``PYANSYS_PYPI_PRIVATE_PAT`` **************************** -Used for authentication when uploading libraries to the private Ansys PyPI index. -It can be used as password for the `twine `_ library. +The ``PYANSYS_PYPI_PRIVATE_PAT`` token is used for authentication when uploading +libraries to the private Ansys PyPI index. This token can be used as the password for +the `twine `_ library. .. _pypi_token: ``PYPI_TOKEN`` ************** -The value of this token is unique for each repository. -Used for authentication when uploading libraries to the public PyPI index. +The value of the ``PYPI_TOKEN`` token is unique for each repository. +This token is used for authentication when uploading libraries to the public PyPI index. ``PYPI_TESTING_TOKEN`` ********************** -Used for testing uploads to public PyPI index. +The ``PYPI_TESTING_TOKEN`` token is used for testing uploads to the public PyPI index. Other tokens @@ -493,15 +494,16 @@ Other tokens ``HUGO_THEME_TOKEN`` ******************** -This token is used to ... # todo: to be added +The ``HUGO_THEME_TOKEN`` token is used to ... # todo: to be added ``TWINE_TOKEN`` *************** -This token is used for authentication when uploading libraries to PyPI and its value might change +The ``TWINE_TOKEN`` token is used for authentication when uploading libraries to PyPI. +Its value might change across repositories. -Depending if the library is uploaded to a public PyPI index or private, its value matches +Depending if the library is uploaded to a public PyPI index or the Ansys private PyPI index, its value matches :ref:`pypi_private_token` or :ref:`pypi_token`. 
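Review bot: "The ``HUGO_THEME_TOKEN`` token is used to ... # todo: to be added" puts the placeholder into the rendered page; describe the token or move the todo into an RST comment until the text exists. In the ``TWINE_TOKEN`` paragraph of the same hunk, the sentence lists "a public PyPI index or the Ansys private PyPI index" while the references come in the opposite order (:ref:`pypi_private_token` or :ref:`pypi_token`), so a reader pairing them by position picks the wrong token. Reorder one side, and change "Depending if" to "Depending on whether".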
@@ -511,18 +513,19 @@ Depending if the library is uploaded to a public PyPI index or private, its valu Organization bot ---------------- -Because the usage of user personal access tokens (PATs) is discouraged, ``Ansys`` and ``Ansys-internal`` -organizations provide with a bot called ``ansys-bot`` to perform certain tasks which requires autentification, -for example github pages publication or docker image registry login. +Because the usage of personal access tokens (PATs) is discouraged, the ``Ansys`` +and ``Ansys-internal`` organizations provide a bot named ``ansys-bot`` to +perform certain tasks that require authentication. For example, this bot provides +for publishing GitHub pages or logging into a Docker image registry. -To use the bot for these tasks, you need to use the bot tokens provided through secrets (see :ref:`organization_secrets`). -To get a better overview of the permissions of each token see :ref:`organization_tokens`. +To use the bot for these tasks, you must use the bot tokens provided through secrets. For +more information, see :ref:`organization_secrets`. For an overview of each token's permissions, +see :ref:`organization_tokens`. By default, the bot has access to **all repositories** and has the following permissions: -* **Read and write** access to **actions, code, packages, and pull requests** -* **Read** access to **metadata and organization secrets** +* **Read and write** permission to **actions, code, packages, and pull requests** +* **Read** permission to **metadata and organization secrets** -Those permissions can be obtained using a temporal token obtained from the ``BOT_APPLICATION_PRIVATE_KEY`` token -and the `peter-murray/workflow-application-token-action `_. -Visit :ref:`deploying_to_another_repo` for a documented example. \ No newline at end of file +These permissions can be obtained using a temporal token obtained from +the ``BOT_APPLICATION_PRIVATE_KEY`` token and the `peter-murray/workflow-application-token-action `_. 
For an example, see :ref:`deploying_to_another_repo`. \ No newline at end of file From 2e9e1d8d3e821319698e094154bd779fbdf292ed Mon Sep 17 00:00:00 2001 From: German <28149841+germa89@users.noreply.github.com> Date: Tue, 13 Jun 2023 12:11:48 +0200 Subject: [PATCH 13/15] Apply suggestions from code review --- doc/source/how-to/continuous-integration.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/source/how-to/continuous-integration.rst b/doc/source/how-to/continuous-integration.rst index 77efd615..223a5d15 100644 --- a/doc/source/how-to/continuous-integration.rst +++ b/doc/source/how-to/continuous-integration.rst @@ -330,10 +330,10 @@ Classic tokens | Access deployment status. | | +-------------------------------------------------------------------------------------+------------------------+ | **public_repo** | |:x:| | - | Access public repositories | | + | Access public repositories. | | +-------------------------------------------------------------------------------------+------------------------+ | **repo:invite** | |:x:| | - | Access repository invitations | | + | Access repository invitations. | | +-------------------------------------------------------------------------------------+------------------------+ | **security_events** | |:x:| | | Read and write security events | | @@ -351,7 +351,7 @@ Classic tokens | Delete packages from GitHub Package Registry | | +-------------------------------------------------------------------------------------+------------------------+ | **admin:org** | |:x:| | - | Full control of orgs and teams, read and write org projects | | + | Full control of orgs and teams, read, and write org projects | | +-------------------------------------------------------------------------------------+------------------------+ | **write:org** | |:x:| | | Read and write org and team membership, read and write org projects | | From d552104e1113b0cfb05022a25f2c148f919ed258 Mon Sep 17 00:00:00 2001 
From: German <28149841+germa89@users.noreply.github.com> Date: Tue, 13 Jun 2023 12:12:35 +0200 Subject: [PATCH 14/15] Apply suggestions from code review --- doc/source/how-to/continuous-integration.rst | 68 ++++++++++---------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/doc/source/how-to/continuous-integration.rst b/doc/source/how-to/continuous-integration.rst index 223a5d15..0cc14a35 100644 --- a/doc/source/how-to/continuous-integration.rst +++ b/doc/source/how-to/continuous-integration.rst 
@@ -354,109 +354,109 @@ Classic tokens | Full control of orgs and teams, read, and write org projects | | +-------------------------------------------------------------------------------------+------------------------+ | **write:org** | |:x:| | - | Read and write org and team membership, read and write org projects | | + | Read and write org and team membership, read, and write org projects | | +-------------------------------------------------------------------------------------+------------------------+ | **read:org** | |:x:| | - | Read org and team membership, read org projects | | + | Read org and team membership, read, org projects. | | +-------------------------------------------------------------------------------------+------------------------+ | **manage_runners:org** | |:x:| | - | Manage org runners and runner groups | | + | Manage org runners and runner groups. | | +-------------------------------------------------------------------------------------+------------------------+ | **admin:public_key** | |:x:| | - | Full control of user public keys | | + | Full control of user public keys. | | +-------------------------------------------------------------------------------------+------------------------+ | **write:public_key** | |:x:| | - | Write user public keys | | + | Write user public keys. | | +-------------------------------------------------------------------------------------+------------------------+ | **read:public_key** | |:x:| | - | Read user public keys | | + | Read user public keys. | | +-------------------------------------------------------------------------------------+------------------------+ | **admin:repo_hook** | |:x:| | - | Full control of repository hooks | | + | Full control of repository hooks. | | +-------------------------------------------------------------------------------------+------------------------+ | **write:repo_hook** | |:x:| | - | Write repository hooks | | + | Write repository hooks. 
| | +-------------------------------------------------------------------------------------+------------------------+ | **read:repo_hook** | |:x:| | - | Read repository hooks | | + | Read repository hooks. | | +-------------------------------------------------------------------------------------+------------------------+ | **admin:org_hook** | |:x:| | - | Full control of organization hooks | | + | Full control of organization hooks. | | +-------------------------------------------------------------------------------------+------------------------+ | **gist** | |:x:| | - | Create gists | | + | Create gists. | | +-------------------------------------------------------------------------------------+------------------------+ | **notifications** | |:x:| | - | Access notifications | | + | Access notifications. | | +-------------------------------------------------------------------------------------+------------------------+ | **user** | |:x:| | | Update **all** user data. | | +-------------------------------------------------------------------------------------+------------------------+ | **read:user** | |:x:| | - | Read ALL user profile data | | + | Read ALL user profile data. | | +-------------------------------------------------------------------------------------+------------------------+ | **user:email** | |:x:| | - | Access user email addresses (read-only) | | + | Access user email addresses (read-only). | | +-------------------------------------------------------------------------------------+------------------------+ | **user:follow** | |:x:| | - | Follow and unfollow users | | + | Follow and unfollow users. | | +-------------------------------------------------------------------------------------+------------------------+ | **delete_repo** | |:x:| | - | Delete repositories | | + | Delete repositories. 
| | +-------------------------------------------------------------------------------------+------------------------+ | **write:discussion** | |:x:| | - | Read and write team discussions | | + | Read and write team discussions. | | +-------------------------------------------------------------------------------------+------------------------+ | **read:discussion** | |:x:| | - | Read team discussions | | + | Read team discussions. | | +-------------------------------------------------------------------------------------+------------------------+ | **admin:enterprise** | |:x:| | - | Full control of enterprises | | + | Full control of enterprises. | | +-------------------------------------------------------------------------------------+------------------------+ | **manage_runners:enterprise** | |:x:| | - | Manage enterprise runners and runner groups | | + | Manage enterprise runners and runner groups. | | +-------------------------------------------------------------------------------------+------------------------+ | **manage_billing:enterprise** | |:x:| | - | Read and write enterprise billing data | | + | Read and write enterprise billing data. | | +-------------------------------------------------------------------------------------+------------------------+ | **read:enterprise** | |:x:| | - | Read enterprise profile data | | + | Read enterprise profile data. | | +-------------------------------------------------------------------------------------+------------------------+ | **audit_log** | |:x:| | - | Full control of audit log | | + | Full control of audit log. | | +-------------------------------------------------------------------------------------+------------------------+ | **read:audit_log** | |:x:| | - | Read access of audit log | | + | Read access of audit log. 
| | +-------------------------------------------------------------------------------------+------------------------+ | **codespace** | |:x:| | - | Full control of codespaces | | + | Full control of codespaces. | | +-------------------------------------------------------------------------------------+------------------------+ | **codespace:secrets** | |:x:| | - | Ability to create, read, update, and delete codespace secrets | | + | Ability to create, read, update, and delete codespace secrets. | | +-------------------------------------------------------------------------------------+------------------------+ | **project** | |:x:| | - | Full control of projects | | + | Full control of projects. | | +-------------------------------------------------------------------------------------+------------------------+ | **read:project** | |:x:| | - | Read access of projects | | + | Read access of projects. | | +-------------------------------------------------------------------------------------+------------------------+ | **admin:gpg_key** | |:x:| | - | Full control of public user GPG keys | | + | Full control of public user GPG keys. | | +-------------------------------------------------------------------------------------+------------------------+ | **write:gpg_key** | |:x:| | - | Write public user GPG keys | | + | Write public user GPG keys. | | +-------------------------------------------------------------------------------------+------------------------+ | **read:gpg_key** | |:x:| | - | Read public user GPG keys | | + | Read public user GPG keys. | | +-------------------------------------------------------------------------------------+------------------------+ | **admin:ssh_signing_key** | |:x:| | - | Full control of public user SSH signing keys | | + | Full control of public user SSH signing keys. 
| | +-------------------------------------------------------------------------------------+------------------------+ | **write:ssh_signing_key** | |:x:| | - | Write public user SSH signing keys | | + | Write public user SSH signing keys. | | +-------------------------------------------------------------------------------------+------------------------+ | **read:ssh_signing_key** | |:x:| | - | Read public user SSH signing keys | | + | Read public user SSH signing keys. | | +-------------------------------------------------------------------------------------+------------------------+ .. _pypi_tokens: From 852a9adf3afe8181f4a62cf34dddb097b0c96b5d Mon Sep 17 00:00:00 2001 From: German <28149841+germa89@users.noreply.github.com> Date: Fri, 16 Jun 2023 18:31:04 +0200 Subject: [PATCH 15/15] Apply some suggestions from code review Co-authored-by: Roberto Pastor Muela <37798125+RobPasMue@users.noreply.github.com> Co-authored-by: Maxime Rey <87315832+MaxJPRey@users.noreply.github.com> Co-authored-by: Kathy Pippert <84872299+PipKat@users.noreply.github.com> --- doc/source/how-to/continuous-integration.rst | 42 ++++++++++---------- doc/styles/Vocab/ANSYS/accept.txt | 1 + 2 files changed, 21 insertions(+), 22 deletions(-) diff --git a/doc/source/how-to/continuous-integration.rst b/doc/source/how-to/continuous-integration.rst index 0cc14a35..b7d0ebcf 100644 --- a/doc/source/how-to/continuous-integration.rst +++ b/doc/source/how-to/continuous-integration.rst 
@@ -183,11 +183,14 @@ Workflow examples are provided for checking :ref:`Coding style`, Organization secrets -------------------- -According to `Encrypted secrets `_ in the GitHub Docs, "Secrets are encrypted variables that you create in an organization, repository, or repository environment. The secrets that you create are available to use in GitHub Actions workflows." +According to `Encrypted secrets `_ +in the GitHub Docs, "Secrets are encrypted variables that you create in an organization, +repository, or repository environment. The secrets that you create are available to use in +GitHub Actions workflows." -You can use secrets to pass sensible data such as passwords, tokens, or IP addresses to your workflows. +You can use secrets to pass sensitive data such as passwords, tokens, or IP addresses to your workflows. -The ``Ansys`` and ``Ansys-internal`` organizations provide certain secrets by default to +The ``ansys`` and ``ansys-internal`` organizations provide certain secrets by default to help you to automate or unify certain tasks, such as releasing a package. Secrets for GitHub Actions 
@@ -216,7 +219,7 @@ Secrets for GitHub Actions +-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ | ``PYPI_TESTING_TOKEN`` | Private and internal repositories | :ref:`Yes (PyPI) ` | *Secret* | Token for testing publication to PyPI. | +-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ -| ``TWINE_TOKEN`` | Private and internal repositories | :ref:`Yes (PyPI) ` | **Empty** | This should be overwritten in each repository after the first public release. | +| ``TWINE_TOKEN`` | Private and internal repositories | :ref:`Yes (PyPI) ` | **Empty** | This token should be overwritten in each repository after the first public release. | +-------------------------------------+------------------------------------+---------------------------------------+-------------------------------------------+----------------------------------------------------------------------------------------------+ To obtain the values of secrets, email `pyansys.core@ansys.com `_. 
@@ -246,7 +249,7 @@ Dependabot secrets are generally replicas of the `Secrets for GitHub Actions`_. Organization tokens ------------------- -To facilitate certain tasks such as authentication, the ``Ansys`` and ``Ansys-internal`` organizations provide developers with certain tokens or personal access tokens (PATs). +To facilitate certain tasks such as authentication, the ``ansys`` and ``ansys-internal`` organizations provide developers with certain tokens or personal access tokens (PATs). These tokens are confidential and for internal use only. Some of these tokens can be used as GitHub Actions secrets. Others must be requested by emailing `pyansys.core@ansys.com `_. @@ -256,7 +259,7 @@ by emailing `pyansys.core@ansys.com `_. GitHub Actions tokens ~~~~~~~~~~~~~~~~~~~~~ -GitHub tokens are used within GitHub to provide access and permissions to different tasks and repositories. +GitHub Actions tokens are used within GitHub to provide access and permissions to different tasks and repositories. Fine-grained tokens ******************* @@ -269,7 +272,7 @@ Fine-grained tokens | | **Permissions** | | +----------------------------------------------------------------+----------------------------------------+ | | **Block another user** | No access | -| | View and manage users who you've blocked. | | +| | View and manage users who you've blocked. | | +----------------------------------------------------------------+----------------------------------------+ | | **Codespaces user secrets** | No access | | | Manage Codespaces user secrets. | | 
@@ -336,25 +339,25 @@ Classic tokens | Access repository invitations. | | +-------------------------------------------------------------------------------------+------------------------+ | **security_events** | |:x:| | - | Read and write security events | | + | Read and write security events. | | +-------------------------------------------------------------------------------------+------------------------+ | **workflow** | |:x:| | - | Update GitHub Action workflows | | + | Update GitHub Action workflows. | | +-------------------------------------------------------------------------------------+------------------------+ | **write:packages** | |:x:| | - | Upload packages to GitHub Package Registry | | + | Upload packages to GitHub Package Registry. | | +-------------------------------------------------------------------------------------+------------------------+ | **read:packages** | |:x:| | - | Download packages from GitHub Package Registry | | + | Download packages from GitHub Package Registry. | | +-------------------------------------------------------------------------------------+------------------------+ | **delete:packages** | |:x:| | - | Delete packages from GitHub Package Registry | | + | Delete packages from GitHub Package Registry. | | +-------------------------------------------------------------------------------------+------------------------+ | **admin:org** | |:x:| | - | Full control of orgs and teams, read, and write org projects | | + | Full control of orgs and teams, read, and write org projects. | | +-------------------------------------------------------------------------------------+------------------------+ | **write:org** | |:x:| | - | Read and write org and team membership, read, and write org projects | | + | Read and write org and team membership, read, and write org projects. 
| | +-------------------------------------------------------------------------------------+------------------------+ | **read:org** | |:x:| | | Read org and team membership, read, org projects. | | @@ -491,18 +494,13 @@ The ``PYPI_TESTING_TOKEN`` token is used for testing uploads to the public PyPI Other tokens ~~~~~~~~~~~~ -``HUGO_THEME_TOKEN`` -******************** - -The ``HUGO_THEME_TOKEN`` token is used to ... # todo: to be added ``TWINE_TOKEN`` *************** The ``TWINE_TOKEN`` token is used for authentication when uploading libraries to PyPI. -Its value might change -across repositories. +Its value might change across repositories. Depending if the library is uploaded to a public PyPI index or the Ansys private PyPI index, its value matches :ref:`pypi_private_token` or :ref:`pypi_token`. @@ -513,8 +511,8 @@ Depending if the library is uploaded to a public PyPI index or the Ansys private Organization bot ---------------- -Because the usage of personal access tokens (PATs) is discouraged, the ``Ansys`` -and ``Ansys-internal`` organizations provide a bot named ``ansys-bot`` to +Because the usage of personal access tokens (PATs) is discouraged, the ``ansys`` +and ``ansys-internal`` organizations provide a bot named ``ansys-bot`` to perform certain tasks that require authentication. For example, this bot provides for publishing GitHub pages or logging into a Docker image registry. diff --git a/doc/styles/Vocab/ANSYS/accept.txt b/doc/styles/Vocab/ANSYS/accept.txt index d11c360f..a8b61782 100644 --- a/doc/styles/Vocab/ANSYS/accept.txt +++ b/doc/styles/Vocab/ANSYS/accept.txt @@ -8,6 +8,7 @@ Brinkrolf CI/CD CLI Codespaces +Codespace Codespell componentization Componentization
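Review bot: In the 12/15 "PyPI tokens" hunk (@@ -469,22 +469,23 @@), the ``HUGO_THEME_TOKEN`` entry keeps "is used to ... # todo: to be added", which ends up as literal text in the built page. Describe the token or leave the section out until its purpose is known. In the ``TWINE_TOKEN`` paragraph, "Its value might change" is left on its own line with "across repositories." below it, and "Depending if the library is uploaded" should be "Depending on whether the library is uploaded".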
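Review bot: In the 12/15 "Organization bot" hunk (@@ -511,18 +513,19 @@), the closing paragraph reads "a temporal token obtained from the ``BOT_APPLICATION_PRIVATE_KEY`` token": "temporal" should be "temporary", and the secret is a private key by its own name, so calling it a token blurs which credential is long-lived and which is short-lived. Suggest "a temporary token generated from the ``BOT_APPLICATION_PRIVATE_KEY`` secret". Because the same hunk states that the bot has access to **all repositories** with read and write permission to code, it would also help to tell readers to pin the third-party ``peter-murray/workflow-application-token-action`` to a full commit SHA wherever that key is passed to it. "this bot provides for publishing GitHub pages" reads better as "this bot can publish GitHub Pages", and the file still ends with "\ No newline at end of file".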
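Review bot: In the 13/15 hunk at @@ -351,7 +351,7 @@, the ``admin:org`` row becomes "Full control of orgs and teams, read, and write org projects", and the added comma splits "read and write", which is one phrase applying to org projects. Keep "read and write org projects" and add only the trailing period, matching the ``public_repo`` and ``repo:invite`` rows changed in the same commit.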
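Review bot: In the 14/15 hunk (@@ -354,109 +354,109 @@), the ``read:org`` row now reads "Read org and team membership, read, org projects.", which no longer parses, and the ``write:org`` row repeats the "read, and write org projects" comma without a trailing period. Suggest "Read org and team membership, read org projects." and "Read and write org and team membership, read and write org projects.". The ``read:user`` row also keeps "Read ALL user profile data." while the ``user`` row above it uses "**all**"; pick one form for both.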
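Review bot: In the 15/15 secrets table hunk (@@ -216,7 +219,7 @@), the ``TWINE_TOKEN`` row says the token "should be overwritten in each repository after the first public release" but not with which value. The ``TWINE_TOKEN`` section later in the file says its value matches :ref:`pypi_private_token` or :ref:`pypi_token`; naming that here, or linking to that section, would keep the default **Empty** value from being read as a working credential.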
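Review bot: In the ``doc/styles/Vocab/ANSYS/accept.txt`` hunk of 15/15, ``Codespace`` is added after ``Codespaces``, while the surrounding entries (``CLI``, ``Codespaces``, ``Codespell``) are in alphabetical order. Move it one line up so that it sits before ``Codespaces``.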