Skip to content

Commit

Permalink
fix: skip permission verification exception when Github Apps (#272)
Browse files Browse the repository at this point in the history
  • Loading branch information
psalaberria002 authored May 22, 2020
1 parent 543f40b commit 32654fb
Show file tree
Hide file tree
Showing 2 changed files with 50 additions and 15 deletions.
8 changes: 8 additions & 0 deletions lib/verify.js
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,14 @@ module.exports = async (pluginConfig, context) => {
},
} = await github.repos.get({repo, owner});
if (!push) {
// If authenticated as GitHub App installation, `push` will always be false.
// We send another request to check if current authentication is an installation.
// Note: we cannot check if the installation has all required permissions, it's
// up to the user to make sure it has
if (await github.request('HEAD /installation/repositories', {per_page: 1}).catch(() => false)) {
return;
}

errors.push(getError('EGHNOPERMISSION', {owner, repo}));
}
} catch (error) {
Expand Down
57 changes: 42 additions & 15 deletions test/verify.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -401,23 +401,50 @@ test('Throw SemanticReleaseError for invalid repositoryUrl', async (t) => {
t.is(error.code, 'EINVALIDGITHUBURL');
});

test.serial("Throw SemanticReleaseError if token doesn't have the push permission on the repository", async (t) => {
const owner = 'test_user';
const repo = 'test_repo';
const env = {GH_TOKEN: 'github_token'};
const github = authenticate(env)
.get(`/repos/${owner}/${repo}`)
.reply(200, {permissions: {push: false}});
test.serial(
"Throw SemanticReleaseError if token doesn't have the push permission on the repository and it's not a Github installation token",
async (t) => {
const owner = 'test_user';
const repo = 'test_repo';
const env = {GH_TOKEN: 'github_token'};
const github = authenticate(env)
.get(`/repos/${owner}/${repo}`)
.reply(200, {permissions: {push: false}})
.head('/installation/repositories')
.query({per_page: 1})
.reply(403);

const [error, ...errors] = await t.throwsAsync(
verify({}, {env, options: {repositoryUrl: `https://github.com/${owner}/${repo}.git`}, logger: t.context.logger})
);
const [error, ...errors] = await t.throwsAsync(
verify({}, {env, options: {repositoryUrl: `https://github.com/${owner}/${repo}.git`}, logger: t.context.logger})
);

t.is(errors.length, 0);
t.is(error.name, 'SemanticReleaseError');
t.is(error.code, 'EGHNOPERMISSION');
t.true(github.isDone());
});
t.is(errors.length, 0);
t.is(error.name, 'SemanticReleaseError');
t.is(error.code, 'EGHNOPERMISSION');
t.true(github.isDone());
}
);

test.serial(
"Do not throw SemanticReleaseError if token doesn't have the push permission but it is a Github installation token",
async (t) => {
const owner = 'test_user';
const repo = 'test_repo';
const env = {GH_TOKEN: 'github_token'};
const github = authenticate(env)
.get(`/repos/${owner}/${repo}`)
.reply(200, {permissions: {push: false}})
.head('/installation/repositories')
.query({per_page: 1})
.reply(200);

await t.notThrowsAsync(
verify({}, {env, options: {repositoryUrl: `https://github.com/${owner}/${repo}.git`}, logger: t.context.logger})
);

t.true(github.isDone());
}
);

test.serial("Throw SemanticReleaseError if the repository doesn't exist", async (t) => {
const owner = 'test_user';
Expand Down

0 comments on commit 32654fb

Please sign in to comment.