Skip to content

Add BCR publishing automation with workflow and configuration#12555

Open
mmorel-35 wants to merge 1 commit intogrpc:masterfrom
mmorel-35:bcr
Open

Add BCR publishing automation with workflow and configuration#12555
mmorel-35 wants to merge 1 commit intogrpc:masterfrom
mmorel-35:bcr

Conversation

@mmorel-35
Copy link
Contributor

@mmorel-35 mmorel-35 commented Dec 6, 2025
edited
Loading

@kannanjgithub kannanjgithub added the kokoro:run Add this label to a PR to tell Kokoro the code is safe and tests can be run label Dec 8, 2025
@grpc-kokoro grpc-kokoro removed the kokoro:run Add this label to a PR to tell Kokoro the code is safe and tests can be run label Dec 8, 2025
kannanjgithub
kannanjgithub requested changes Dec 8, 2025
View reviewed changes
Copy link
Contributor

@kannanjgithub kannanjgithub left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution.

.bcr/README.md

- Go to Settings → Actions → General → Workflow permissions
- Ensure "Read and write permissions" is selected
- Ensure "Allow GitHub Actions to create and approve pull requests" is checked
Copy link
Contributor

@kannanjgithub kannanjgithub Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure if this permission is granted and I don't have access to the repository options in Settings. Adding Eric as reviewer who has that access.

Copy link
Member

@ejona86 ejona86 Dec 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In no way do we want to give this write permissions to grpc-java. If that's required, then we will simply continue not publishing to BCR. That's not okay, as we try to give almost nothing write access to our repository. It would be fine to give it write permissions to a repo like https://github.com/grpc/bazel-central-registry

.bcr/README.md

1. Go to the grpc-java repository Settings → Secrets and variables → Actions
2. Click "New repository secret"
3. Name: `BCR_PUBLISH_TOKEN`
Copy link
Contributor

@kannanjgithub kannanjgithub Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have added a new repository secret with this name.

Copy link
Member

@ejona86 ejona86 Dec 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't want to do that. Your account has permissions to lots of things we don't want this to have access to. We can try to purpose one of our robot accounts for this, although right now I think they have more access then we'd want as well. We need to determine a way to give it write access to only what it needs.

@kannanjgithub kannanjgithub requested a review from ejona86 December 8, 2025 12:36
@mmorel-35
Add BCR publishing automation with workflow and configuration
e39898b 
Signed-off-by: Matthieu MOREL <matthieu.morel35@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kannanjgithub kannanjgithub kannanjgithub requested changes

@ejona86 ejona86 Awaiting requested review from ejona86

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mmorel-35 @ejona86 @kannanjgithub @grpc-kokoro