Use auth in more expensive requests (!898) · Merge requests · GitLab.org / async-retrospectives

John Hope requested to merge remove-auth-from-codepaths into master May 24, 2024

Using authentication via the read-only token makes requests much quicker. Since these are timing out for multiple teams during retrospective creation and updating, this should solve the problem where pipelines need to be run multiple times or simply won't run successfully at all.

Using authentication means that private issues may be exposed using the current pattern of embedding title and web_url explicitly in templates. Instead, reference expansion should be used.

This also has the benefit of ensuring all issues are visible to the team at retrospective time, and not just public ones. Meanwhile, permissions of the viewer are checked so that these issue titles aren't exposed.

Also included in this release:

Update to the CI pipeline which does a dry run of the create and update actions. This reduces the likelihood changes will be merged which cause these to regress. It's also important to this MR as it shows a recovery of the update action.

Edited May 24, 2024 by John Hope

Use auth in more expensive requests

Merge request reports