Update the bot user for the nvchecker project

We have recently switched from a bot token to a fully fledged user.

Link: https://gitlab.archlinux.org/nvchecker
Signed-off-by: Christian Heusel christian@heusel.eu

requested review from @klausenbusk

assigned to @gromit

added deployed label

mentioned in commit 39f873c9

merged manually

Sorry for getting back to you in time for this :/

We have recently switched from a bot token to a fully fledged user.

It is still the same bot user, I just renamed it.

I'm not sure if it makes sense to switch to a fully fledged user.
It will be more in line with how we are handling the other user facing "bot accounts" (renovate, bugbugddy, archbot etc.), it is easier to change the "user profile" (I used the "rails console" for tweaking @nvchecker's profile) and GitLab will delete this user if the token ever expire (which should not happen !884 (merged)), but other than that I don't see any major differences.

On a side note, it may be a good idea to consider cases where we do rotate the bot tokens, for example if a former devops leaves its a good hygiene to support token and credential rotation and we may want to do so in some future.

We indeed should do that, but I don't see it happening before we have proper tooling in place :)

I think the ideal solution would be that the tokens are rotated automatically at regular intervals. For something like renovate and other tokens, which are created and used solely in gitlab, that should be doable today. For other tokens like this one, which is created in gitlab and then used from a VM, that is a bit more challenging.

Maybe this is the next pet project for someone ;)