You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mxnet.apache.org by Yuelin Zhang <zh...@gmail.com> on 2018/07/12 17:57:35 UTC
Access Permission of MXNet label bot
Hi,
I am working to improve the GitHub issue triage process by creating a label
bot(more info here
<https://cwiki.apache.org/confluence/display/MXNET/Deep+Learning+Based+GitHub+Label+Bot>
on
the cwiki), I have initial version of label bot ready. I would like to get
some opinions about access permission of MXNet label bot.
Right now, all issues in MXNet repo are manually labeled. The process looks
like below:
First, contributors/committers go through the issues to triage them and
suggest labels and add comment on the issue requesting @committer to add
labels.
This process will cause notification spam to both committers and users. The
long gap between user creating an issue and we labelling them will cause
the process time consuming and not very smooth.
We want to simplify/automate this issue labeling process. Right now an
initial version of the label bot which can:
1. Send issue report daily. This report will show how many issue
open/closed, list uncommented/unlabeled issues and show an pie chart of
labels added in a week. Sample report here
<https://cwiki.apache.org/confluence/display/MXNET/Deep+Learning+Based+GitHub+Label+Bot#DeepLearningBasedGitHubLabelBot-SampleIssueReport>
.
2. Generate a spread sheet of unlabeled issues with recommended labels.
A contributor will open the sheet and fill in labels with reference of
bot's recommendations. In this case, contributor can deal with all
unlabeled issues at a time. Sample sheet here
<https://cwiki.apache.org/confluence/display/MXNET/Deep+Learning+Based+GitHub+Label+Bot#DeepLearningBasedGitHubLabelBot-SampleSpreadSheet>
.
3. Read labels filled in that sheet and apply labels to GitHub issues.
(tested on my personal Github repo)
This bot can be triggered daily so that all issues will be labeled in one
day without notification spam.
*However, this bot doesn't have access to add labels. We have two options:*
- Use a committer's Oauth token with limited scope. So far according to my
research, the most limited scope is "public_repo", this contains access to
code. Except this one, Github doesn't have smaller scope available to add
labels. Available scopes here
<https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/>
.
- Create a bot account having minimum permissions. For this, we will need
an account to be created from Apache Infrastructure with proper access and
they can control the access for the account through secret manager
<https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html> .
Having a bot account is beneficial for future work, not only for labelling
but also other automatic processes.
Please let me know if you have any other ideas to do this.
Thanks,
Cathy
Re: Access Permission of MXNet label bot
Posted by Marco de Abreu <ma...@googlemail.com.INVALID>.
Hello,
I have just had a quick chat with Apache Infra on HipChat and asked about a
few more details around the restrictions of a GitHub bots. It seems like
the biggest restriction is that the bot is unable to make commits due to
all committers requiring an ICLA. Luckily, this is not a requirement for
this bot, so we should be good with moving ahead.
Infra instructed me to get a JIRA ticket filed against them, containing all
details. I have requested Suneel Marthi to create the ticket on our behalf
(due to the restriction that we are not allowed to file tickets ourselves).
It should have the following content:
----------------------
The Apache MXNet (incubating) community is requesting a GitHub bot account
(see
https://lists.apache.org/thread.html/c0918f100204bc7270951fd31de7a58d376dfef061e184ae64c0c90c@%3Cdev.mxnet.apache.org%3E).
The bot only needs to execute the following actions:
- Apply labels
- Remove labels
- Add comments
- Edit comments
We would appreciate it if we could be provided with such an account.
----------------------
I will come back as soon as I got new information. Until then, the
deployment of the label bot is blocked.
Best regards,
Marco
On Fri, Jul 13, 2018 at 7:20 AM Yuelin Zhang <zh...@gmail.com>
wrote:
> That's a very good solution! I will provide documentations about how to
> run/test/maintain it. Will reach out to see how can we collaborate on it.
>
> Thanks,
> Cathy
>
> On Thu, Jul 12, 2018 at 4:09 PM, Naveen Swamy <mn...@gmail.com> wrote:
>
> > +1 to running it inside a controlled environment.
> >
> > On Thu, Jul 12, 2018 at 11:32 AM, Qing Lan <la...@live.com> wrote:
> >
> > > I think putting in the Infra can be a really good solution.
> > > We do not expose the credential to the outside and we can make sure it
> > can
> > > be run in a timely manner.
> > >
> > > Thanks,
> > > Qing
> > >
> > > On 7/12/18, 11:11 AM, "Marco de Abreu" <marco.g.abreu@googlemail.com.
> > INVALID>
> > > wrote:
> > >
> > > Hello Cathy,
> > >
> > > unfortunately, we're not allowed to use bot accounts at Apache.
> > >
> > > An option we have is that we run your bot in our infrastructure
> with
> > > the
> > > credentials of a committer with the permission you have mentioned.
> > The
> > > only
> > > restriction would be that you would not be able to access that
> server
> > > because the credentials are confidential user data of a committer.
> > > Would
> > > this work for you?
> > >
> > > Best regards,
> > > Marco
> > >
> > > On Thu, Jul 12, 2018 at 8:57 PM Yuelin Zhang <
> > > zhangyuelinchina@gmail.com>
> > > wrote:
> > >
> > > > Hi,
> > > >
> > > > I am working to improve the GitHub issue triage process by
> creating
> > > a label
> > > > bot(more info here
> > > > <
> > > > https://cwiki.apache.org/confluence/display/MXNET/Deep+
> > > Learning+Based+GitHub+Label+Bot
> > > > >
> > > > on
> > > > the cwiki), I have initial version of label bot ready. I would
> like
> > > to get
> > > > some opinions about access permission of MXNet label bot.
> > > >
> > > > Right now, all issues in MXNet repo are manually labeled. The
> > > process looks
> > > > like below:
> > > > First, contributors/committers go through the issues to triage
> them
> > > and
> > > > suggest labels and add comment on the issue requesting @committer
> > to
> > > add
> > > > labels.
> > > >
> > > > This process will cause notification spam to both committers and
> > > users. The
> > > > long gap between user creating an issue and we labelling them
> will
> > > cause
> > > > the process time consuming and not very smooth.
> > > >
> > > > We want to simplify/automate this issue labeling process. Right
> now
> > > an
> > > > initial version of the label bot which can:
> > > >
> > > > 1. Send issue report daily. This report will show how many
> > issue
> > > > open/closed, list uncommented/unlabeled issues and show an pie
> > > chart of
> > > > labels added in a week. Sample report here
> > > > <
> > > > https://cwiki.apache.org/confluence/display/MXNET/Deep+
> > > Learning+Based+GitHub+Label+Bot#DeepLearningBasedGitHubLabelBo
> > > t-SampleIssueReport
> > > > >
> > > > .
> > > > 2. Generate a spread sheet of unlabeled issues with
> recommended
> > > labels.
> > > > A contributor will open the sheet and fill in labels with
> > > reference of
> > > > bot's recommendations. In this case, contributor can deal with
> > all
> > > > unlabeled issues at a time. Sample sheet here
> > > > <
> > > > https://cwiki.apache.org/confluence/display/MXNET/Deep+
> > > Learning+Based+GitHub+Label+Bot#DeepLearningBasedGitHubLabelBo
> > > t-SampleSpreadSheet
> > > > >
> > > > .
> > > > 3. Read labels filled in that sheet and apply labels to
> GitHub
> > > issues.
> > > > (tested on my personal Github repo)
> > > >
> > > >
> > > > This bot can be triggered daily so that all issues will be
> labeled
> > > in one
> > > > day without notification spam.
> > > >
> > > > *However, this bot doesn't have access to add labels. We have
> two
> > > > options:*
> > > >
> > > > - Use a committer's Oauth token with limited scope. So far
> > according
> > > to my
> > > > research, the most limited scope is "public_repo", this contains
> > > access to
> > > > code. Except this one, Github doesn't have smaller scope
> available
> > > to add
> > > > labels. Available scopes here
> > > > <
> > > > https://developer.github.com/apps/building-oauth-apps/
> > > understanding-scopes-for-oauth-apps/
> > > > >
> > > > .
> > > >
> > > > - Create a bot account having minimum permissions. For this, we
> > will
> > > need
> > > > an account to be created from Apache Infrastructure with proper
> > > access and
> > > > they can control the access for the account through secret
> manager
> > > > <https://docs.aws.amazon.com/secretsmanager/latest/
> > > userguide/intro.html> .
> > > > Having a bot account is beneficial for future work, not only for
> > > labelling
> > > > but also other automatic processes.
> > > >
> > > > Please let me know if you have any other ideas to do this.
> > > >
> > > > Thanks,
> > > > Cathy
> > > >
> > >
> > >
> > >
> >
>
Re: Access Permission of MXNet label bot
Posted by Yuelin Zhang <zh...@gmail.com>.
That's a very good solution! I will provide documentations about how to
run/test/maintain it. Will reach out to see how can we collaborate on it.
Thanks,
Cathy
On Thu, Jul 12, 2018 at 4:09 PM, Naveen Swamy <mn...@gmail.com> wrote:
> +1 to running it inside a controlled environment.
>
> On Thu, Jul 12, 2018 at 11:32 AM, Qing Lan <la...@live.com> wrote:
>
> > I think putting in the Infra can be a really good solution.
> > We do not expose the credential to the outside and we can make sure it
> can
> > be run in a timely manner.
> >
> > Thanks,
> > Qing
> >
> > On 7/12/18, 11:11 AM, "Marco de Abreu" <marco.g.abreu@googlemail.com.
> INVALID>
> > wrote:
> >
> > Hello Cathy,
> >
> > unfortunately, we're not allowed to use bot accounts at Apache.
> >
> > An option we have is that we run your bot in our infrastructure with
> > the
> > credentials of a committer with the permission you have mentioned.
> The
> > only
> > restriction would be that you would not be able to access that server
> > because the credentials are confidential user data of a committer.
> > Would
> > this work for you?
> >
> > Best regards,
> > Marco
> >
> > On Thu, Jul 12, 2018 at 8:57 PM Yuelin Zhang <
> > zhangyuelinchina@gmail.com>
> > wrote:
> >
> > > Hi,
> > >
> > > I am working to improve the GitHub issue triage process by creating
> > a label
> > > bot(more info here
> > > <
> > > https://cwiki.apache.org/confluence/display/MXNET/Deep+
> > Learning+Based+GitHub+Label+Bot
> > > >
> > > on
> > > the cwiki), I have initial version of label bot ready. I would like
> > to get
> > > some opinions about access permission of MXNet label bot.
> > >
> > > Right now, all issues in MXNet repo are manually labeled. The
> > process looks
> > > like below:
> > > First, contributors/committers go through the issues to triage them
> > and
> > > suggest labels and add comment on the issue requesting @committer
> to
> > add
> > > labels.
> > >
> > > This process will cause notification spam to both committers and
> > users. The
> > > long gap between user creating an issue and we labelling them will
> > cause
> > > the process time consuming and not very smooth.
> > >
> > > We want to simplify/automate this issue labeling process. Right now
> > an
> > > initial version of the label bot which can:
> > >
> > > 1. Send issue report daily. This report will show how many
> issue
> > > open/closed, list uncommented/unlabeled issues and show an pie
> > chart of
> > > labels added in a week. Sample report here
> > > <
> > > https://cwiki.apache.org/confluence/display/MXNET/Deep+
> > Learning+Based+GitHub+Label+Bot#DeepLearningBasedGitHubLabelBo
> > t-SampleIssueReport
> > > >
> > > .
> > > 2. Generate a spread sheet of unlabeled issues with recommended
> > labels.
> > > A contributor will open the sheet and fill in labels with
> > reference of
> > > bot's recommendations. In this case, contributor can deal with
> all
> > > unlabeled issues at a time. Sample sheet here
> > > <
> > > https://cwiki.apache.org/confluence/display/MXNET/Deep+
> > Learning+Based+GitHub+Label+Bot#DeepLearningBasedGitHubLabelBo
> > t-SampleSpreadSheet
> > > >
> > > .
> > > 3. Read labels filled in that sheet and apply labels to GitHub
> > issues.
> > > (tested on my personal Github repo)
> > >
> > >
> > > This bot can be triggered daily so that all issues will be labeled
> > in one
> > > day without notification spam.
> > >
> > > *However, this bot doesn't have access to add labels. We have two
> > > options:*
> > >
> > > - Use a committer's Oauth token with limited scope. So far
> according
> > to my
> > > research, the most limited scope is "public_repo", this contains
> > access to
> > > code. Except this one, Github doesn't have smaller scope available
> > to add
> > > labels. Available scopes here
> > > <
> > > https://developer.github.com/apps/building-oauth-apps/
> > understanding-scopes-for-oauth-apps/
> > > >
> > > .
> > >
> > > - Create a bot account having minimum permissions. For this, we
> will
> > need
> > > an account to be created from Apache Infrastructure with proper
> > access and
> > > they can control the access for the account through secret manager
> > > <https://docs.aws.amazon.com/secretsmanager/latest/
> > userguide/intro.html> .
> > > Having a bot account is beneficial for future work, not only for
> > labelling
> > > but also other automatic processes.
> > >
> > > Please let me know if you have any other ideas to do this.
> > >
> > > Thanks,
> > > Cathy
> > >
> >
> >
> >
>
Re: Access Permission of MXNet label bot
Posted by Naveen Swamy <mn...@gmail.com>.
+1 to running it inside a controlled environment.
On Thu, Jul 12, 2018 at 11:32 AM, Qing Lan <la...@live.com> wrote:
> I think putting in the Infra can be a really good solution.
> We do not expose the credential to the outside and we can make sure it can
> be run in a timely manner.
>
> Thanks,
> Qing
>
> On 7/12/18, 11:11 AM, "Marco de Abreu" <ma...@googlemail.com.INVALID>
> wrote:
>
> Hello Cathy,
>
> unfortunately, we're not allowed to use bot accounts at Apache.
>
> An option we have is that we run your bot in our infrastructure with
> the
> credentials of a committer with the permission you have mentioned. The
> only
> restriction would be that you would not be able to access that server
> because the credentials are confidential user data of a committer.
> Would
> this work for you?
>
> Best regards,
> Marco
>
> On Thu, Jul 12, 2018 at 8:57 PM Yuelin Zhang <
> zhangyuelinchina@gmail.com>
> wrote:
>
> > Hi,
> >
> > I am working to improve the GitHub issue triage process by creating
> a label
> > bot(more info here
> > <
> > https://cwiki.apache.org/confluence/display/MXNET/Deep+
> Learning+Based+GitHub+Label+Bot
> > >
> > on
> > the cwiki), I have initial version of label bot ready. I would like
> to get
> > some opinions about access permission of MXNet label bot.
> >
> > Right now, all issues in MXNet repo are manually labeled. The
> process looks
> > like below:
> > First, contributors/committers go through the issues to triage them
> and
> > suggest labels and add comment on the issue requesting @committer to
> add
> > labels.
> >
> > This process will cause notification spam to both committers and
> users. The
> > long gap between user creating an issue and we labelling them will
> cause
> > the process time consuming and not very smooth.
> >
> > We want to simplify/automate this issue labeling process. Right now
> an
> > initial version of the label bot which can:
> >
> > 1. Send issue report daily. This report will show how many issue
> > open/closed, list uncommented/unlabeled issues and show an pie
> chart of
> > labels added in a week. Sample report here
> > <
> > https://cwiki.apache.org/confluence/display/MXNET/Deep+
> Learning+Based+GitHub+Label+Bot#DeepLearningBasedGitHubLabelBo
> t-SampleIssueReport
> > >
> > .
> > 2. Generate a spread sheet of unlabeled issues with recommended
> labels.
> > A contributor will open the sheet and fill in labels with
> reference of
> > bot's recommendations. In this case, contributor can deal with all
> > unlabeled issues at a time. Sample sheet here
> > <
> > https://cwiki.apache.org/confluence/display/MXNET/Deep+
> Learning+Based+GitHub+Label+Bot#DeepLearningBasedGitHubLabelBo
> t-SampleSpreadSheet
> > >
> > .
> > 3. Read labels filled in that sheet and apply labels to GitHub
> issues.
> > (tested on my personal Github repo)
> >
> >
> > This bot can be triggered daily so that all issues will be labeled
> in one
> > day without notification spam.
> >
> > *However, this bot doesn't have access to add labels. We have two
> > options:*
> >
> > - Use a committer's Oauth token with limited scope. So far according
> to my
> > research, the most limited scope is "public_repo", this contains
> access to
> > code. Except this one, Github doesn't have smaller scope available
> to add
> > labels. Available scopes here
> > <
> > https://developer.github.com/apps/building-oauth-apps/
> understanding-scopes-for-oauth-apps/
> > >
> > .
> >
> > - Create a bot account having minimum permissions. For this, we will
> need
> > an account to be created from Apache Infrastructure with proper
> access and
> > they can control the access for the account through secret manager
> > <https://docs.aws.amazon.com/secretsmanager/latest/
> userguide/intro.html> .
> > Having a bot account is beneficial for future work, not only for
> labelling
> > but also other automatic processes.
> >
> > Please let me know if you have any other ideas to do this.
> >
> > Thanks,
> > Cathy
> >
>
>
>
Re: Access Permission of MXNet label bot
Posted by Qing Lan <la...@live.com>.
I think putting in the Infra can be a really good solution.
We do not expose the credential to the outside and we can make sure it can be run in a timely manner.
Thanks,
Qing
On 7/12/18, 11:11 AM, "Marco de Abreu" <ma...@googlemail.com.INVALID> wrote:
Hello Cathy,
unfortunately, we're not allowed to use bot accounts at Apache.
An option we have is that we run your bot in our infrastructure with the
credentials of a committer with the permission you have mentioned. The only
restriction would be that you would not be able to access that server
because the credentials are confidential user data of a committer. Would
this work for you?
Best regards,
Marco
On Thu, Jul 12, 2018 at 8:57 PM Yuelin Zhang <zh...@gmail.com>
wrote:
> Hi,
>
> I am working to improve the GitHub issue triage process by creating a label
> bot(more info here
> <
> https://cwiki.apache.org/confluence/display/MXNET/Deep+Learning+Based+GitHub+Label+Bot
> >
> on
> the cwiki), I have initial version of label bot ready. I would like to get
> some opinions about access permission of MXNet label bot.
>
> Right now, all issues in MXNet repo are manually labeled. The process looks
> like below:
> First, contributors/committers go through the issues to triage them and
> suggest labels and add comment on the issue requesting @committer to add
> labels.
>
> This process will cause notification spam to both committers and users. The
> long gap between user creating an issue and we labelling them will cause
> the process time consuming and not very smooth.
>
> We want to simplify/automate this issue labeling process. Right now an
> initial version of the label bot which can:
>
> 1. Send issue report daily. This report will show how many issue
> open/closed, list uncommented/unlabeled issues and show an pie chart of
> labels added in a week. Sample report here
> <
> https://cwiki.apache.org/confluence/display/MXNET/Deep+Learning+Based+GitHub+Label+Bot#DeepLearningBasedGitHubLabelBot-SampleIssueReport
> >
> .
> 2. Generate a spread sheet of unlabeled issues with recommended labels.
> A contributor will open the sheet and fill in labels with reference of
> bot's recommendations. In this case, contributor can deal with all
> unlabeled issues at a time. Sample sheet here
> <
> https://cwiki.apache.org/confluence/display/MXNET/Deep+Learning+Based+GitHub+Label+Bot#DeepLearningBasedGitHubLabelBot-SampleSpreadSheet
> >
> .
> 3. Read labels filled in that sheet and apply labels to GitHub issues.
> (tested on my personal Github repo)
>
>
> This bot can be triggered daily so that all issues will be labeled in one
> day without notification spam.
>
> *However, this bot doesn't have access to add labels. We have two
> options:*
>
> - Use a committer's Oauth token with limited scope. So far according to my
> research, the most limited scope is "public_repo", this contains access to
> code. Except this one, Github doesn't have smaller scope available to add
> labels. Available scopes here
> <
> https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/
> >
> .
>
> - Create a bot account having minimum permissions. For this, we will need
> an account to be created from Apache Infrastructure with proper access and
> they can control the access for the account through secret manager
> <https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html> .
> Having a bot account is beneficial for future work, not only for labelling
> but also other automatic processes.
>
> Please let me know if you have any other ideas to do this.
>
> Thanks,
> Cathy
>
Re: Access Permission of MXNet label bot
Posted by Marco de Abreu <ma...@googlemail.com.INVALID>.
Hello Cathy,
unfortunately, we're not allowed to use bot accounts at Apache.
An option we have is that we run your bot in our infrastructure with the
credentials of a committer with the permission you have mentioned. The only
restriction would be that you would not be able to access that server
because the credentials are confidential user data of a committer. Would
this work for you?
Best regards,
Marco
On Thu, Jul 12, 2018 at 8:57 PM Yuelin Zhang <zh...@gmail.com>
wrote:
> Hi,
>
> I am working to improve the GitHub issue triage process by creating a label
> bot(more info here
> <
> https://cwiki.apache.org/confluence/display/MXNET/Deep+Learning+Based+GitHub+Label+Bot
> >
> on
> the cwiki), I have initial version of label bot ready. I would like to get
> some opinions about access permission of MXNet label bot.
>
> Right now, all issues in MXNet repo are manually labeled. The process looks
> like below:
> First, contributors/committers go through the issues to triage them and
> suggest labels and add comment on the issue requesting @committer to add
> labels.
>
> This process will cause notification spam to both committers and users. The
> long gap between user creating an issue and we labelling them will cause
> the process time consuming and not very smooth.
>
> We want to simplify/automate this issue labeling process. Right now an
> initial version of the label bot which can:
>
> 1. Send issue report daily. This report will show how many issue
> open/closed, list uncommented/unlabeled issues and show an pie chart of
> labels added in a week. Sample report here
> <
> https://cwiki.apache.org/confluence/display/MXNET/Deep+Learning+Based+GitHub+Label+Bot#DeepLearningBasedGitHubLabelBot-SampleIssueReport
> >
> .
> 2. Generate a spread sheet of unlabeled issues with recommended labels.
> A contributor will open the sheet and fill in labels with reference of
> bot's recommendations. In this case, contributor can deal with all
> unlabeled issues at a time. Sample sheet here
> <
> https://cwiki.apache.org/confluence/display/MXNET/Deep+Learning+Based+GitHub+Label+Bot#DeepLearningBasedGitHubLabelBot-SampleSpreadSheet
> >
> .
> 3. Read labels filled in that sheet and apply labels to GitHub issues.
> (tested on my personal Github repo)
>
>
> This bot can be triggered daily so that all issues will be labeled in one
> day without notification spam.
>
> *However, this bot doesn't have access to add labels. We have two
> options:*
>
> - Use a committer's Oauth token with limited scope. So far according to my
> research, the most limited scope is "public_repo", this contains access to
> code. Except this one, Github doesn't have smaller scope available to add
> labels. Available scopes here
> <
> https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/
> >
> .
>
> - Create a bot account having minimum permissions. For this, we will need
> an account to be created from Apache Infrastructure with proper access and
> they can control the access for the account through secret manager
> <https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html> .
> Having a bot account is beneficial for future work, not only for labelling
> but also other automatic processes.
>
> Please let me know if you have any other ideas to do this.
>
> Thanks,
> Cathy
>