REQUEST: Repository maintenance on opentelemetry-injector #3277
Description
Affected Repository
https://github.com/open-telemetry/opentelemetry-injector
Requested changes
Add a SIG-specific otelbot Github app with permissions to create and push tags.
I believe that would be the Contents repository permission. (See https://docs.github.com/en/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app#choosing-permissions-for-git-access)
Purpose
We have automated our releases as follows:
- A maintainer triggers the prepare-release workflow, which creates a PR with the changelog. A maintainer approves and merges that PR.
- Pushing the changelog commit to
maintriggers the create-tag-for-release workflow, which inspects the commit and creates the release tag. - This should (in theory) trigger the main build, run all tests and publish the release in the
publish-stablejob.
When using the default Github secrets.GITHUB_TOKEN for creating and pushing the tag, we run into the well known problem that the build workflow is not triggered by the tag (as described in https://github.com/open-telemetry/community/blob/main/assets.md#otelbot, bullet point (2.))
When using the default otelbot app, we cannot push the tag because the otelbot app does not have permissions to push tags apparently. See https://github.com/open-telemetry/opentelemetry-injector/actions/runs/22063267417/job/63748559551#step:4:7
Run .github/workflows/scripts/create-tag-for-release.sh
Found release commit for version: v0.1.1-2026021602.
Creating tag for version v0.1.1-2026021602.
remote: Permission to open-telemetry/opentelemetry-injector.git denied to otelbot[bot].
fatal: unable to access 'https://github.com/open-telemetry/opentelemetry-injector/': The requested URL returned error: 403
Error: Process completed with exit code 128.
We therefore would like to use a SIG-specific Github app with permissions to create and push tags.
Expected Duration
permanently
Repository Maintainers
- @open-telemetry/injector-maintainers