Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How exactly does safe-settings handle situations that require human involvement? #217

Open
hicksjacobp opened this issue May 24, 2022 · 2 comments
Open

How exactly does safe-settings handle situations that require human involvement? #217

hicksjacobp opened this issue May 24, 2022 · 2 comments

Comments

@hicksjacobp
Copy link

I've read through the README multiple times, but it's not very obvious to me what exactly safe-settings does for some validations which can't just be applied to a repository. For example, what happens if a repository name doesn't pass the validation regex? Does safe-settings open an issue on the repository? Does it fail a status check on a pull request to force compliance? How do repo maintainers get notified of the issue and how can they learn what's failing?

Is there an example public org where this app is running on and could showcase how it works? Without understanding more of how this app works, I don't want to just install this on an organization.
@denizhoxha
Copy link

Hi,

It adds a validation-error topic to the repository

https://github.com/github/safe-settings/blob/main-enterprise/lib/validator.js#L36

Br,

@svg153
Copy link
Contributor

svg153 commented May 27, 2022
edited
Loading

Hi.

We use safe-settings in our org (@pezaio). So in summary:

  • Open an issue on the repository? When a PR is opened in the admin repo, the safe-setting app creates a status check and fails if it doesn't pass validation. It returns the log with the mix of the files and a "dry-run" type.
  • Does it fail a status check on a pull request to force compliance? Correct.
  • How do repo maintainers get notified of the issue, and how can they learn what's failing? With the status check that you create in the PR.
  • Is there an example public org? @gomete and I are setting up safe-settings in this public organization @public-acme

Notes:

  • Sometimes, when safe-settings creates the status check, then it doesn't send the status, and the status check stays waiting for the final result, running and waiting for life. We have not isolated the error, but the failure cases are:
    • When the log sent from the safe-settings in the validation is too long for the GitHub API
    • Depending on the name of the branch or the commit or something around here, ...
  • To solve this, we have a workflow to send a status complete to status check.
- name: Complete check run
      uses: actions/github-script@v6.0.0
      with:
        script: |
    await github.request('PATCH /repos/{owner}/{repo}/check-runs/{check_run_id}', {
            owner: context.repo.owner,
            repo: '${{ github.event.inputs.repo-check-run }}',
            check_run_id: ${{ github.event.inputs.check-run-id }},
            status: 'completed',
            conclusion: 'cancelled'});
        github-token: ${{ steps.get_token.outputs.token  }}

cc: @gomete, @lfraile

@svg153 svg153 mentioned this issue Jul 19, 2022
Open
@svg153 svg153 mentioned this issue Aug 29, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hicksjacobp @svg153 @denizhoxha