)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":7118,"name":"Ian Wienand","email":"iwienand@redhat.com","username":"iwienand"},"change_message_id":"08df5de3ee2783f9eca12238f319316672a45b1e","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"d790f388_b30ba40d","updated":"2024-10-31 00:10:59.000000000","message":"Thank you for working on this.\n\nI\u0027m not fully understanding what\u0027s going on here.  According to https://rtdname.readthedocs.io/en/latest/webhooks.html#authentication \n\n\u003e This endpoint requires authentication. If authenticating with an integration token, a check will determine if the token is valid and matches the given project. If instead an authenticated user is used to make this request, a check will be performed to ensure the authenticated user is an owner of the project.\n\nSo are we saying that essentially this is wrong and that https://opendev.org/zuul/zuul-jobs/src/branch/master/roles/trigger-readthedocs/tasks/main.yaml#L19 just does not work?\n\nIf that is the case, I feel like we should start by fixing zuul-jobs to reflect the reality of the situation and remove the user/password options (and asking for the webhook docs to be updated).\n\nIt seems to me this job was useful because it used the `openstackci` user to ping the endpoint (which should be a joint owner of the docs project).  if that no longer works, and you need a per-project auth token, I don\u0027t see much of a reason to keep the job here at all.  There\u0027s nothing it provides other than being an empty wrapper around the zuul-job.  \n\nAny user is broken anyway, and there would be nothing we can really do about that, so it seems better to just remove this and people need to update?","commit_id":"e230fcbb27cc2af7dfc845a4d5c5d8ec3cb9e0d5"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"c80041b5cf0fbfa0854f9bd321c5a6c176edc822","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"cc4c7249_630bc34a","in_reply_to":"696199bf_7d3d775f","updated":"2024-10-31 08:19:41.000000000","message":"ahh, and IMO it still makes sense to keep the abstract common job definition as we can define playbook to be used there for all of the jobs. Maybe it\u0027s not much but I don\u0027t see reason why not to keep it that way.","commit_id":"e230fcbb27cc2af7dfc845a4d5c5d8ec3cb9e0d5"},{"author":{"_account_id":7118,"name":"Ian Wienand","email":"iwienand@redhat.com","username":"iwienand"},"change_message_id":"39f27ee2d56435753156e4006217c54fada03e2f","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"352e66eb_63729eb4","in_reply_to":"beac24ac_0ab1bb59","updated":"2024-11-01 06:21:46.000000000","message":"See further comments in https://review.opendev.org/c/zuul/zuul-jobs/+/933395","commit_id":"e230fcbb27cc2af7dfc845a4d5c5d8ec3cb9e0d5"},{"author":{"_account_id":7118,"name":"Ian Wienand","email":"iwienand@redhat.com","username":"iwienand"},"change_message_id":"78cddb333c8083077c6689a1309c56d9ebe2bdef","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"beac24ac_0ab1bb59","in_reply_to":"cc4c7249_630bc34a","updated":"2024-10-31 10:16:10.000000000","message":"I\u0027m a little unconvinced TBH, I\u0027m not sure if they really meant this or not.  Can you keep an eye on https://github.com/readthedocs/readthedocs.org/issues/11733 which I\u0027ve filed to clarify this?\n\nIf it really is the case that `openstackci` user can\u0027t trigger the webhook endpoint any more, it feels like we need to do similar to what we did last time there was an API change and move everyone to a \"broken\" job so they can specify their own secrets (https://review.opendev.org/c/openstack/project-config/+/599270) ...","commit_id":"e230fcbb27cc2af7dfc845a4d5c5d8ec3cb9e0d5"},{"author":{"_account_id":11975,"name":"Slawek Kaplonski","email":"skaplons@redhat.com","username":"slaweq"},"change_message_id":"cf7a71051dd1427ddb824c15e7f4368cf4b71250","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"696199bf_7d3d775f","in_reply_to":"d790f388_b30ba40d","updated":"2024-10-31 08:18:10.000000000","message":"Maybe this doc from readthedocs.org is wrong now, idk really. But apparently after https://github.com/readthedocs/readthedocs.org/pull/11083 was merged our http basic auth as openstackci user stopped working and this job is failing now. AFAIU we need to pass secret token in the request body now always.\n\nI can propose removal of this job completely but I am not sure if zuul will allow me to do so before removing it from all the projects which are using it. And I have no time (and access to their readthedocs accounts) to do so.","commit_id":"e230fcbb27cc2af7dfc845a4d5c5d8ec3cb9e0d5"}]}