Determine actor from PAT if possible #231
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I believe the standard GITHUB_TOKEN has permissions tightly scoped to the repository that's using the token generation. And even if it could access the current user, it would only report that it was the github[bot] user, which isn't very illuminating anyway. So this approach is good IMO. |
7 tasks
hross
approved these changes
Jan 15, 2021
|
I like this approach. Seems reasonable and helpful in the case of bot users. I'm going to merge this to master and test it internally for a week or so before I publish a new release. |
|
Awesome, thanks, @hross! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi there, Homebrew maintainer here. We were recently in the market for a new way to monitor stale issues (our existing configuration stopped working) and figured that this was a great solution. So far, we've only had one minor hiccup that I have aimed to fix in this PR.
This has been reported a few times before, but our issue revolves around the fact that the stale action checks for comments that are not made by a bot or
context.actor(which is the user who most recently modified the workflow). I am aware of one attempt at removing this in #192. The response given in that PR makes sense to me:This seems reasonable for smaller projects, but larger projects (like Homebrew) tend to have their own "bot user" that differs from the one who set up the workflow. In our specific case, I set up the stale workflow which made me the "actor". However, the
repo-tokenwe provide is for @BrewTestBot not for my user. That means that any actions taken are on the behalf of @BrewTestBot. Actions that I take should be treated no differently than those made by another user.This PR attempts to fix this by trying to determine who the "actor" should be based on the
repo-token. This will now runoctokit.users.getAuthenticated();and, if successful, will set the "actor" by accessing.data.login. If the API call fails, it will default back tocontext.actoras is currently done.One potential thing to note is that it seems that using the default
${{ secrets.GITHUB_TOKEN }}does not have the appropriate permissions to run the API call. However, a PAT with no additional permissions does seem to have the appropriate scope to run the call. While this is not ideal, it is no worse than the current implementation because it will still fall back oncontext.actor. I would gladly accept any ideas about how to get around this limitation.I think this is a reasonable compromise, but if it's not in the desired direction, I would, instead, propose adding a new option to the workflow to set an e.g.
ignored-usersoption to the login of any users whose comments should be ignored when determining if new comments should "un-stale" an issue. This could default tocontext.actor. That way, projects like Homebrew can specifyignored-users: BrewTestBotand not worry about thecontext.actorissue.