[wp-meta] [Making WordPress.org] #6087: Provide a GitHub Integration for Plugins
Making WordPress.org
noreply at wordpress.org
Mon Feb 7 22:35:58 UTC 2022
#6087: Provide a GitHub Integration for Plugins
------------------------------+---------------------
Reporter: dd32 | Owner: (none)
Type: enhancement | Status: new
Priority: low | Milestone:
Component: Plugin Directory | Resolution:
Keywords: |
------------------------------+---------------------
Comment (by JeffPaul):
> but that requires storing the committers password on GitHub, **which not
all are comfortable doing**.
(note I added the emphasis above)
The password is stored as a [https://docs.github.com/en/actions/security-
guides/encrypted-secrets GitHub secret] and can be done at an org-level
and maintained there and not within individual repos (for folks who
maintain multiple plugins within a single org). From GitHub's emphasis on
their secrets:
> Encrypted secrets allow you to store sensitive information in your
organization, repository, or repository environments.
So I'm really not sure that there is a worthwhile solution that won't take
a significant amount of time to craft that would be more secure than the
current approach. I won't argue that a different approach would be more
graceful or seamless an integration, but speaking as someone currently
supporting the GitHub Action of note I'm happy to keep triaging and
supporting folks using it to keep GitHub and SVN working in tandem
(barring overly complex GitHub setups).
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/6087#comment:3>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list