[wp-meta] [Making WordPress.org] #6087: Provide a GitHub Integration for Plugins

Making WordPress.org noreply at wordpress.org
Mon Feb 7 22:35:58 UTC 2022


#6087: Provide a GitHub Integration for Plugins
------------------------------+---------------------
 Reporter:  dd32              |       Owner:  (none)
     Type:  enhancement       |      Status:  new
 Priority:  low               |   Milestone:
Component:  Plugin Directory  |  Resolution:
 Keywords:                    |
------------------------------+---------------------

Comment (by JeffPaul):

 > but that requires storing the committers password on GitHub, **which not
 all are comfortable doing**.
 (note I added the emphasis above)

 The password is stored as a [https://docs.github.com/en/actions/security-
 guides/encrypted-secrets GitHub secret] and can be done at an org-level
 and maintained there and not within individual repos (for folks who
 maintain multiple plugins within a single org).  From GitHub's emphasis on
 their secrets:
 > Encrypted secrets allow you to store sensitive information in your
 organization, repository, or repository environments.

 So I'm really not sure that there is a worthwhile solution that won't take
 a significant amount of time to craft that would be more secure than the
 current approach.  I won't argue that a different approach would be more
 graceful or seamless an integration, but speaking as someone currently
 supporting the GitHub Action of note I'm happy to keep triaging and
 supporting folks using it to keep GitHub and SVN working in tandem
 (barring overly complex GitHub setups).

-- 
Ticket URL: <https://meta.trac.wordpress.org/ticket/6087#comment:3>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org


More information about the wp-meta mailing list