BCVerdouw
opened 3 months ago
-
want my service accounts to appear as the actual committers for traceability and proper avatars in automated commits. Currently, OneDev links commit identity only via the email in the commit, which service accounts don’t have.
Can you please elaborate on this automated commits and commit identity link?
-
I'm sorry if my initial phrasing was unclear; English is not my native language.
From my testing, OneDev seems to associate a pushed commit with an account based on the email address in the commit metadata.
However, I have multiple automated systems that create and push commits without human intervention, for example:
- FluxCD committing bootstrap changes or the results of
ImageUpdateAutomations - CI/CD pipelines updating release versions or next snapshot versions
- A weekly automation pipeline performing dependency or maintenance updates in a language not fully supported by Renovate
I would like these commits to be associated with the correct service account so they show the proper committer identity and avatar in OneDev.
At the moment, this seems impossible because service accounts do not have email addresses that can be matched against commit metadata.
- FluxCD committing bootstrap changes or the results of
-
I see your point. Unfortunately this is a limitation of service account. OneDev associates account with committer via email, as this is the only reliable approach. Doing name match might cause false positives and will also complicates the matching logic.
-
I understand the reasons to not work based off of name matching, however, I believe that my other suggestion, giving service-accounts a fake, static "email address" for identity matching purposes could resolve this issue without introducing much additional complexity.
-
Sorry that giving email address to service accounts (which is free) totally breaks our business model...
-
Sorry that giving email address to service accounts (which is free) totally breaks our business model...
I understand that concern, but I wasn’t suggesting giving service accounts fully user-controlled email addresses.
I’ve also found a workaround that works for me, but it is fairly cumbersome in both configuration and ongoing maintenance. Because of that, I would still prefer to see a proper supported solution for this.
-
OK, I did not see you are mentioning fake email. That could be feasible. Will investigate it.
-
State changed as build OD-7256 (15.0.0) is successful
-
OneDev
changed state to 'Closed' 2 months ago
Previous Value Current Value Open
Closed
| Type |
Improvement
|
| Priority |
Normal
|
| Assignee | |
| Labels |
No labels
|
Good afternoon,
I want my service accounts to appear as the actual committers for traceability and proper avatars in automated commits. Currently, OneDev links commit identity only via the email in the commit, which service accounts don’t have.
A possible solution could be: falling back to full name/login for identity matching, or providing service accounts with a static email identifier like @onedev or @service-account.
Creating regular user accounts is not feasible, as it would artificially inflate my licensed user count, likely quadrupling my enterprise edition cost.