finos / cla-bot Goto Github PK
View Code? Open in Web Editor NEWcla-bot is a GitHub bot for automation of Contributor Licence Agreements (CLAs).
Home Page: https://finos.github.io/cla-bot/
License: Apache License 2.0
cla-bot is a GitHub bot for automation of Contributor Licence Agreements (CLAs).
Home Page: https://finos.github.io/cla-bot/
License: Apache License 2.0
We had a typo in our contributors file which broke the CLA bot for us for several days. It would be nice if CLA bot could email us about such issues.
When a pull request is first put in, the bot signs it correctly. However, if someone amends a commit or rebases then pushes again, the bot doesn't resign the branch.
It would be quite useful if we could whitelist an org. Each commit author would be verified to see if they are a member of a given GitHub org.
via email from @maoo
What if a GitHub user, that is "whitelisted" by the bot (since covered by a CLA) and therefore part of the "contributorListGithubUrl", deletes the GitHub account and another person creates a GitHub account with the same GitHub ID later on?
This is a very good point, and a bit of a design flaw! Usernames (called login
in the GitHub API response) are unique, but can be relinquished when accounts are deleted.
However, users also have a unique ID which is returned by the API, and is visible in your avatar URL for example, https://avatars0.githubusercontent.com/u/1098110?s=460&v=4
.
We could list user IDs in the whitelist file, but that would make it much harder to configure. We'd still experience the issues relating to #74, where git commits can be from authors that do not have GitHub accounts.
I can't see a good fix for this one!
Similar to #99
I would like to get the user name who has not signed the CLA in the comment. It becomes important when there a re multiple committers in same pull request. Mentioning the user who has not sign would be really good.
Is there any way to do that?
Sorry for raising an issue for a question but didn't find any chat medium.
e.g. https://developer.github.com/v3/#http-redirects
Can use the slabot-test => clabot-test project to test this code
I am evaluating the cla-bot to validate Pull Requests across different projects that are hosted in our github org; for this reason, I need to be able to define a .clabot
configuration at organisation level and avoid the project to overrule it.
The solution can be composed by 2 blocks:
.clabot
file, it will fallback into https://github.com/<user/org_name>/clabot-config/.clabot
forceOrgConfig
) that forces .clabot
to be resolved at organisation levelI am submitting a PR that I've tested against a test repo; configuration is stored in ssf-admin/clabot-config.
Please note; the PR is not ready for merge; documentation and testing is missing; feedback is welcome, especially considering my entry-level node skills.
We had a typo in the contributors file, which caused the CLA bot to (silently) stop posting status checks to new PRs. I would expect the bot to post a failed status check with the log file showing the error.
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to dependency file: /tmp/ws-scm/cla-bot/node_modules/jmespath/index.html
Path to vulnerable library: /cla-bot/node_modules/jmespath/index.html
Dependency Hierarchy:
Found in HEAD commit: ac92065be8dcbcf0a25d76cc219ab554b541ef87
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
Publish Date: 2018-01-18
URL: CVE-2012-6708
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6708
Release Date: 2018-01-18
Fix Resolution: jQuery - v1.9.0
There are various ways in which git can have multiple users associated with a commit. This bot should handle them!
Handlebars provides the power necessary to let you build semantic templates effectively with no frustration
Library home page: https://registry.npmjs.org/handlebars/-/handlebars-4.2.0.tgz
Path to dependency file: /tmp/ws-scm/cla-bot/package.json
Path to vulnerable library: /cla-bot/node_modules/handlebars/package.json
Dependency Hierarchy:
handlebars before 4.3.0 is vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Objects' proto and defineGetter properties, which may allow an attacker to execute arbitrary code through crafted payloads.
Publish Date: 2019-10-06
URL: WS-2019-0291
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1164
Release Date: 2019-10-06
Fix Resolution: 4.3.0
This bot is being contributed to FINOS, which is a good home for this project. However, despite the code changing location, it will continue to be made available to current and new users through the same cla-bot app.
This issue tracks the various tasks around this move.
Steps required for the move to FINOS:
Following this, FINOS can remove their own fork of cla-bot, by updating the configuration of this repository with their required build settings.
develop
branch to finos-deployment-prod
and finos-deployment-staging
Once the repo is successfully deploying to both FINOS and my AWS accounts, we can discuss whether the current public cla-bot should run on FINOS AWS infrastructure
master
and develop
branches should remain unchangedUser authorization callback URL
to https://finos-fdx.github.io/cla-bot/
on GitHub App configurationCurrently the log bot only has a single deployed instance, pointing at the prod logs
Checking the webhook logs there are quite a few installations, it would be great to be able to list these!
There are a number of places where more user-friendly errors could be provided.
Currently if .clabot
lacks the token the webhook fails with Error during decryption (probably incorrect key)
. There are a whole class of errors around configuration that could be improved.
see the comment here: https://github.com/ColinEberhardt/cla-bot/issues/64#issuecomment-320902328
Question: is it possible for cla-bot to block merging of a PR when a CLA isn't found for the submitter?
Currently cla-bot is advisory in nature - a project team member is able to overrule a cla-bot violation and merge a PR from a submitter who doesn't have a CLA, and there are cases where this should be prevented.
When running npm run execute
I get the following:
> [email protected] execute /Users/m/w/projects/cla-bot
> node-lambda run --configFile deploy.env
fs.js:640
return binding.open(pathModule._makeLong(path), stringToFlags(flags), mode);
^
TypeError: path must be a string or Buffer
at TypeError (native)
at Object.fs.openSync (fs.js:640:18)
at Object.fs.readFileSync (fs.js:508:33)
at Object.<anonymous> (/Users/m/w/projects/cla-bot/installationToken.js:7:17)
at Module._compile (module.js:570:32)
at Object.Module._extensions..js (module.js:579:10)
at Module.load (module.js:487:32)
at tryModuleLoad (module.js:446:12)
at Function.Module._load (module.js:438:3)
at Module.require (module.js:497:17)
My deploy.env
looks includes:
GITHUB_ACCESS_TOKEN=--token--
INTEGRATION_ENABLED=false
Submitting PR to avoid const
init, if process.env.INTEGRATION_KEY
is not set.
Github usernames can change, cla-bot should store and deal with Github user IDs as an immutable token that relates to a GitHub account, rather than using the username.
Consider the following situation:
@bpscott
signs a CLA and gets their name added to a cla list@bpscott
makes some contributions and they get signed off@bpscott
(Id 227292) changes his user name @bpscott-zzz.@bpscott
make contributions and they get signed off despite this user having never signed a CLAThe instructions at https://colineberhardt.github.io/cla-bot/#configuration-options
says
If you have multiple repositories within the same organization, or user account, that have the same contributors, you can create a single configuration by adding a project called clabot-config. For example, for my personal projects I could configure the bot via https://github.com/ColinEberhardt/cla-config/.clabot.
Should be
If you have multiple repositories within the same organization, or user account, that have the same contributors, you can create a single configuration by adding a project called clabot-config. For example, for my personal projects I could configure the bot via https://github.com/ColinEberhardt/clabot-config/.clabot
.
Same here
Note, if you do not want the list of contributors to be public, the cla-config project can be private.
should be
Note, if you do not want the list of contributors to be public, the clabot-config project can be private.
I'm no longer using it for deployment, just for execution. This should be really easy to do via a very simple 'bootstrap' script, so I could probably remove node-lambda altogether
the cla-bot-log should take a parameter to indicate whether the correlationKey is from the dev or prod logs.
It would be helpful to have a page status page (like https://www.githubstatus.com/) that shows the current state of the service. We had an issue where our contributors file had a typo, and knowing the service was still running would have narrowed down the troubleshooting process.
The bot currently uses the access token to fetch .clabot before getting the installation key. Flipping this round would remove the need for this
This is very cool project. But oops, I don't see a LICENSE file on it. Kind of ironic, considering the purpose(!)
Anyhoo. Please put an MIT or public domain statement in the repo to confirm what the blog seems to suggest, that you intend to make this freely available to the public.
Hi, I think #90 might have introduced a bug. We use a GitHub-based contributors URL with cla-bot and are seeing these logs lately:
...
INFO: A total of 1 were found, checking CLA status for committers
INFO: Checking contributors against the github URL supplied in the .clabot file
ERROR: SyntaxError: Unexpected token e in JSON at position 0
This same error results if you try a simple double-parse in the console:
> JSON.parse(JSON.parse('["e"]'))
VM339:1 Uncaught SyntaxError: Unexpected token e in JSON at position 0
at JSON.parse (<anonymous>)
at <anonymous>:1:6
I think the change causing this was ColinEberhardt@7c13355. I've not verified it, but tracing the code we see that githubRequest()
passes json: true
to requestp
unless it's overridden in opts
. Maybe the fix is to change getFile
to return json: false
?
While trying test cla-bot
on my repo it fails to check cla.
For e.g. zabil/listhandling#8
The details page fails with the XHR.
{"errorMessage":"2017-08-08T08:50:17.254Z 90fec5cf-7c16-11e7-962f-e18b63415a86 Task timed out after 15.00 seconds"}
Is there a way to check status of the cla-bot?
Thanks!
I've enabled cla-bot on https://github.com/symphonyoss account (only for 1 project, https://github.com/symphonyoss/clabot-test) and defined https://github.com/symphonyoss/clabot-config (private) project.
For testing purposes, I've created https://github.com/symphonyoss/clabot-test/pull/1.
Since the list of contributors is currently empty, I'd have expected the cla-bot to post a comment in the issue, but nothing happened.
Below is reported the .clabot
contained in https://github.com/symphonyoss/clabot-config
:
{
"contributorListGithubUrl": "https://api.github.com/repos/symphonyoss/clabot-config/contents/contributors.json",
"label": "cla-signed",
"message": "Thank you for your pull request and welcome to our community! ...."
}
The content of contributors.json
is []
.
The error occurs on line 134, which was introduced by issue #70 .
Basically, there are some PRs that come with no author
or committer
values, therefore it fails with the error mentioned on the title; an example of such PR is finos/SymphonyElectron#195 (JSON reported below, emails hidden)
Any idea why this happens?
{
"time": "2017-09-28T13:30:44.627Z",
"correlationKey": "39f34540-a451-11e7-ba7e-71a0befdf45c",
"level": "DEBUG",
"message": "API Response https://api.github.com/repos/symphonyoss/SymphonyElectron/pulls/195/commits",
"detail": [
{
"sha": "1ff558af8121487cdbc0302b4b8efb8e930b33af",
"commit": {
"author": {
"name": "Vishwas Shashidhar",
"email": "[hidden]",
"date": "2017-09-28T13:12:47Z"
},
"committer": {
"name": "Vishwas Shashidhar",
"email": "[hidden]",
"date": "2017-09-28T13:12:47Z"
},
"message": "electron-145: fixes the issue with invalid json config upon repair",
"tree": {
"sha": "a6019abb4fdac84dfcdc56572b128429e8d91b37",
"url": "https://api.github.com/repos/symphonyoss/SymphonyElectron/git/trees/a6019abb4fdac84dfcdc56572b128429e8d91b37"
},
"url": "https://api.github.com/repos/symphonyoss/SymphonyElectron/git/commits/1ff558af8121487cdbc0302b4b8efb8e930b33af",
"comment_count": 0
},
"url": "https://api.github.com/repos/symphonyoss/SymphonyElectron/commits/1ff558af8121487cdbc0302b4b8efb8e930b33af",
"html_url": "https://github.com/symphonyoss/SymphonyElectron/commit/1ff558af8121487cdbc0302b4b8efb8e930b33af",
"comments_url": "https://api.github.com/repos/symphonyoss/SymphonyElectron/commits/1ff558af8121487cdbc0302b4b8efb8e930b33af/comments",
"author": null,
"committer": null,
"parents": [
{
"sha": "1a312544d7223b7aa041219cd91958f83bfa235c",
"url": "https://api.github.com/repos/symphonyoss/SymphonyElectron/commits/1a312544d7223b7aa041219cd91958f83bfa235c",
"html_url": "https://github.com/symphonyoss/SymphonyElectron/commit/1a312544d7223b7aa041219cd91958f83bfa235c"
}
]
}
]
}
Issue:
PR -> click random link -> click "back" from browser -> no checks are run.
How to reproduce
What should happen
Checks should be run and merging should be prevented.
It would be great if cla-bot supported configuring what type and/or locations of files to monitor for changes.
E.g. if you can specify *.md
or /docs/**/*
to exclude particular files or folders from CLA checks.
see: https://s3.amazonaws.com/cla-bot/ColinEberhardt-78527442-a6ac-47ec-ac4b-e24b8fb86729
It contains log messages from two different repos:
2019-02-02T14:10:08.483Z INFO Checking CLAs for pull request https://api.github.com/repos/evolvedbinary/pebble-extension/pulls/39
2019-02-02T14:10:08.484Z INFO Bot installed as an integration, obtaining installation token
2019-02-02T14:10:08.519Z INFO API Request https://api.github.com/installations/426748/access_tokens
2019-02-02T14:10:08.633Z INFO Attempting to obtain organisation level .clabot file URL
2019-02-02T14:10:08.634Z INFO API Request https://api.github.com/repos/evolvedbinary/clabot-config/contents/.clabot
2019-02-02T14:10:08.698Z INFO Organisation configuration not found, resolving .clabot URL at project level
2019-02-02T14:10:08.698Z INFO API Request https://api.github.com/repos/evolvedbinary/pebble-extension/contents/.clabot
2019-02-02T14:10:08.778Z INFO Obtaining .clabot configuration file from https://raw.githubusercontent.com/evolvedbinary/pebble-extension/master/.clabot
2019-02-02T14:10:08.778Z INFO API Request https://raw.githubusercontent.com/evolvedbinary/pebble-extension/master/.clabot
2019-02-02T14:10:08.952Z INFO Obtaining the list of commits for the pull request
2019-02-02T14:10:08.952Z INFO API Request https://api.github.com/repos/evolvedbinary/pebble-extension/pulls/39/commits
2019-02-02T14:10:09.068Z INFO Total Commits: 1, checking CLA status for committers
2019-02-02T14:10:09.068Z INFO All contributors have a signed CLA, adding success status to the pull request and a label
2019-02-02T14:10:09.069Z INFO API Request https://api.github.com/repos/evolvedbinary/pebble-extension/issues/39/labels
2019-02-02T14:10:09.217Z INFO API Request https://api.github.com/repos/evolvedbinary/pebble-extension/issues/39/labels
2019-02-02T14:10:09.218Z INFO API Request https://api.github.com/repos/evolvedbinary/pebble-extension/statuses/1074c8402c52811f19e80fb23c25081199e3932b
2019-02-02T14:49:38.054Z INFO Checking CLAs for pull request https://api.github.com/repos/ColinEberhardt/clabot-prod-test/pulls/10
2019-02-02T14:49:38.054Z INFO Bot installed as an integration, obtaining installation token
2019-02-02T14:49:38.059Z INFO API Request https://api.github.com/installations/39490/access_tokens
2019-02-02T14:49:38.110Z INFO Attempting to obtain organisation level .clabot file URL
2019-02-02T14:49:38.110Z INFO API Request https://api.github.com/repos/ColinEberhardt/clabot-config/contents/.clabot
2019-02-02T14:49:38.172Z INFO Organisation configuration found!
2019-02-02T14:49:38.172Z INFO Obtaining .clabot configuration file from https://raw.githubusercontent.com/ColinEberhardt/clabot-config/master/.clabot
2019-02-02T14:49:38.172Z INFO API Request https://raw.githubusercontent.com/ColinEberhardt/clabot-config/master/.clabot
2019-02-02T14:49:38.676Z INFO Obtaining the list of commits for the pull request
2019-02-02T14:49:38.676Z INFO API Request https://api.github.com/repos/ColinEberhardt/clabot-prod-test/pulls/10/commits
2019-02-02T14:49:38.849Z INFO Total Commits: 1, checking CLA status for committers
2019-02-02T14:49:38.866Z INFO API Request https://gist.githubusercontent.com/ColinEberhardt/293439a97af26a64f8d588ca9e242fad/raw/eab0ce188744e6aa757eaa1b559e2561e1d12e1a/contributors?colineberhardt
2019-02-02T14:49:38.891Z INFO All contributors have a signed CLA, adding success status to the pull request and a label
2019-02-02T14:49:38.891Z INFO API Request https://api.github.com/repos/ColinEberhardt/clabot-prod-test/issues/10/labels
2019-02-02T14:49:39.021Z INFO API Request https://api.github.com/repos/ColinEberhardt/clabot-prod-test/issues/10/labels
2019-02-02T14:49:39.022Z INFO API Request https://api.github.com/repos/ColinEberhardt/clabot-prod-test/statuses/928c73218299bdb16d8df77a07852fd8943d5766
When generating a message as a result of a CLA being missing, the cla-bot duplicates the same GitHub user id in some cases.
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://registry.npmjs.org/bootstrap/-/bootstrap-4.3.0.tgz
Path to dependency file: /cla-bot/package.json
Path to vulnerable library: /cla-bot/node_modules/bootstrap/package.json
Dependency Hierarchy:
Found in HEAD commit: 028d5fbb020bd766723483bfc18189e3f59f46b7
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
Publish Date: 2019-02-20
URL: CVE-2019-8331
Base Score Metrics:
Type: Upgrade version
Origin: twbs/bootstrap#28236
Release Date: 2019-02-20
Fix Resolution: 3.4.1, 4.3.1
Hi,
I'm trying to deploy the cla-bot-logs
module, but it fails trying to resolve the correlationKey
against the DynamoDB:
2018-03-19T17:53:58.607Z 7f23cdb2-2b9e-11e8-a4fb-3998bce88dc7 TypeError: Cannot read property 'Items' of null
at Response.dynamodb.query (/var/task/index.js:23:22)
at Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:364:18)
at Request.callListeners (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
at Request.emit (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
at Request.emit (/var/task/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/var/task/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/var/task/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /var/task/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:685:12)
The issue refers to this code block:
dynamodb.query(params, (err, data) => {
data.Items = data.Items.filter(d => d.level !== 'DEBUG');
if (err) {
console.log(err, err.stack);
} else {
loggingCallback(null, data.Items);
}
});
I know - by adding console.info
statements, that correlationKey
and process.env.LOGGING_TABLE
are correctly resolved (which means lambda mapping template should be correctly defined); I've also added full access on DynamoDB tables to the AWS IAM role used to connect the AWS Lambda function with the API Gateway, to exclude permission issues.
Any idea what may be wrong with my setup?
Thanks!
Just realised that cla-bot is case-sensitive when comparing whitelisted GitHub IDs with PR contributors; code is on https://github.com/ColinEberhardt/cla-bot/blob/develop/cla-bot/contributionVerifier.js#L7
Wondering if we could/should change to:
const contributorArrayVerifier = contributors =>
committers =>
Promise.resolve(committers.filter(c => contributors.indexOf(c.toLowerCase()) === -1));
Another change must be applied when populating the list of committers, to force lowercase there too - https://github.com/ColinEberhardt/cla-bot/blob/develop/cla-bot/index.js#L127
const committers = sortUnique(commits.map(c => c.author.login.toLowerCase()));
I can easily send a PR, but wanted to gather some thoughts first.
Thanks! /cc @ColinEberhardt
[gifbot:chickens]
As a follow up of issue #113 , the CLA bot application should be migrated to github.com/finos-fdx Organization.
I've tested the process and documented it below, step by step; for each step, a screenshot is attached.
FINOS test github app
from my GitHub user account (maoo
)FINOS test github app
in my GitHub user account and enabled on one repositoryFINOS test github app
to finos-fdx
orgfinos-fdx
org ownerHomepage URL
and Webhook URL
(User authorization callback URL
should not be needed, @ColinEberhardt , can you please confirm?)I didn't receive any notification of the transfer as GitHub App user, which means that current cla-bot users should not be notified of this change either.
I would suggest the following ordered actions:
Homepage URL
and Webhook URL
on the cla-bot
GitHub App and test that everything is still working as expected, using a test repository with cla-bot
app installed (step 7 of the test)cla-bot
app (steps 4, 5 and 6) and monitor test repocla-bot
GitHub App on github.com/finos Organizationfinos-fdx
)Am I missing anything?
For better codez ...
Looks like this is supported in Node 7.6, so no icky transpilers ๐ค are required.
There are a few things that are making the tests fragile:
The code looks for commit.author.login
, however this is the payload we see for these authors:
"commit": {
"author": {
"name": "---,
"email": "---",
"date": "2018-04-26T00:19:43Z"
},
"committer": {
"name": "---",
"email": "---",
"date": "2018-04-26T00:19:43Z"
},
"message": "Demoved duplicate quote",
"tree": {
...
},
Thanks for your work! Just wanted to share a minor bug:
I added cla-bot to my org's repo and part of my message
was:
... say '@cla-bot check' to have the contributors list checked again ...
It seems like it would suffice to add a check at the same place we call commentSummonsBot()
to ensure the comment author isn't the bot itself.
Utilities for ESLint plugins.
Library home page: https://registry.npmjs.org/eslint-utils/-/eslint-utils-1.4.0.tgz
Path to dependency file: /cla-bot/package.json
Path to vulnerable library: /tmp/git/cla-bot/node_modules/eslint-utils/package.json
Dependency Hierarchy:
In eslint-utils before 1.4.1, the getStaticValue function can execute arbitrary code.
Publish Date: 2019-08-26
URL: CVE-2019-15657
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15657
Release Date: 2019-08-26
Fix Resolution: 1.4.1
I'm trying to deploy cla-bot using serverless, following docs on DEPLOY.md
Deployment runs smooth:
$ serverless deploy --stage staging
Serverless: Packaging service...
Serverless: Excluding development dependencies...
Serverless: Uploading CloudFormation file to S3...
Serverless: Uploading artifacts...
Serverless: Uploading service .zip file to S3 (11.5 MB)...
Serverless: Validating template...
Serverless: Updating Stack...
Serverless: Checking Stack update progress...
................
Serverless: Stack update finished...
Service Information
service: cla-bot
stage: staging
region: us-east-1
stack: cla-bot-staging
api keys:
None
endpoints:
POST - https://********.execute-api.us-east-1.amazonaws.com/staging/cla-check
functions:
cla-bot: cla-bot-staging-cla-bot
However, when I take the POST endpoint, copy into the GitHub App Endpoint URL and comment an issue, I get an AccessDenied error on CloudWatch:
2018-10-12T14:17:10.542Z 81f88a00-ce29-11e8-9c4d-a9fcf2832d13 (node:1) UnhandledPromiseRejectionWarning: AccessDenied: Access Denied
at Request.extractError (/var/task/cla-bot/node_modules/aws-sdk/lib/services/s3.js:580:35)
at Request.callListeners (/var/task/cla-bot/node_modules/aws-sdk/lib/sequential_executor.js:109:20)
at Request.emit (/var/task/cla-bot/node_modules/aws-sdk/lib/sequential_executor.js:81:10)
at Request.emit (/var/task/cla-bot/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/var/task/cla-bot/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/var/task/cla-bot/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /var/task/cla-bot/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/var/task/cla-bot/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/var/task/cla-bot/node_modules/aws-sdk/lib/request.js:685:12)
at Request.callListeners (/var/task/cla-bot/node_modules/aws-sdk/lib/sequential_executor.js:119:18)
I checked AWS resources and everything seems to be in place; the only strange thing seems to be the API Gateway configuration, which doesn't seem to have an Execution Role set; I tried to copy the ARN from the role created by the serverless deployment, but doesn't allow me to paste and save.
Any idea what is going on? Any help is appreciated, thanks.
It'd be cool to visualize the status and instructions on the Checks page.
Here is the error:
2017-11-14T06:06:08.779Z e7cafe78-c901-11e7-b660-1db3f47536fa TypeError: Cannot read property 'url' of undefined
at gitHubUrls (/var/task/index.js:29:46)
at exports.handler (/var/task/index.js:60:17)
And the offending webhook:
{
"time": "2017-11-14T06:06:08.022Z",
"uuid": "62e4bd02-6b9e-454e-95df-6a4d44a514e9",
"correlationKey": "23a37f06-51b6-4d1a-944f-c1d3e8740351",
"level": "DEBUG",
"message": "clabot lambda invoked by webhook",
"detail": {
"action": "created",
"issue": {
"url": "https://api.github.com/repos/getgauge/gauge/issues/823",
"repository_url": "https://api.github.com/repos/getgauge/gauge",
"labels_url": "https://api.github.com/repos/getgauge/gauge/issues/823/labels{/name}",
"comments_url": "https://api.github.com/repos/getgauge/gauge/issues/823/comments",
"events_url": "https://api.github.com/repos/getgauge/gauge/issues/823/events",
"html_url": "https://github.com/getgauge/gauge/issues/823",
"id": 260930510,
"number": 823,
"title": "Show Diagnostics LSP",
"user": {
"login": "BugDiver",
"id": 15309877,
"avatar_url": "https://avatars2.githubusercontent.com/u/15309877?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/BugDiver",
"html_url": "https://github.com/BugDiver",
"followers_url": "https://api.github.com/users/BugDiver/followers",
"following_url": "https://api.github.com/users/BugDiver/following{/other_user}",
"gists_url": "https://api.github.com/users/BugDiver/gists{/gist_id}",
"starred_url": "https://api.github.com/users/BugDiver/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/BugDiver/subscriptions",
"organizations_url": "https://api.github.com/users/BugDiver/orgs",
"repos_url": "https://api.github.com/users/BugDiver/repos",
"events_url": "https://api.github.com/users/BugDiver/events{/privacy}",
"received_events_url": "https://api.github.com/users/BugDiver/received_events",
"type": "User",
"site_admin": false
},
"labels": [
{
"id": 705114299,
"url": "https://api.github.com/repos/getgauge/gauge/labels/lsp",
"name": "lsp",
"color": "d4c5f9",
"default": false
},
{
"id": 363702930,
"url": "https://api.github.com/repos/getgauge/gauge/labels/ready%20for%20QA",
"name": "ready for QA",
"color": "005b00",
"default": false
}
],
"state": "open",
"locked": false,
"assignee": {
"login": "BugDiver",
"id": 15309877,
"avatar_url": "https://avatars2.githubusercontent.com/u/15309877?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/BugDiver",
"html_url": "https://github.com/BugDiver",
"followers_url": "https://api.github.com/users/BugDiver/followers",
"following_url": "https://api.github.com/users/BugDiver/following{/other_user}",
"gists_url": "https://api.github.com/users/BugDiver/gists{/gist_id}",
"starred_url": "https://api.github.com/users/BugDiver/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/BugDiver/subscriptions",
"organizations_url": "https://api.github.com/users/BugDiver/orgs",
"repos_url": "https://api.github.com/users/BugDiver/repos",
"events_url": "https://api.github.com/users/BugDiver/events{/privacy}",
"received_events_url": "https://api.github.com/users/BugDiver/received_events",
"type": "User",
"site_admin": false
},
"assignees": [
{
"login": "BugDiver",
"id": 15309877,
"avatar_url": "https://avatars2.githubusercontent.com/u/15309877?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/BugDiver",
"html_url": "https://github.com/BugDiver",
"followers_url": "https://api.github.com/users/BugDiver/followers",
"following_url": "https://api.github.com/users/BugDiver/following{/other_user}",
"gists_url": "https://api.github.com/users/BugDiver/gists{/gist_id}",
"starred_url": "https://api.github.com/users/BugDiver/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/BugDiver/subscriptions",
"organizations_url": "https://api.github.com/users/BugDiver/orgs",
"repos_url": "https://api.github.com/users/BugDiver/repos",
"events_url": "https://api.github.com/users/BugDiver/events{/privacy}",
"received_events_url": "https://api.github.com/users/BugDiver/received_events",
"type": "User",
"site_admin": false
}
],
"milestone": null,
"comments": 1,
"created_at": "2017-09-27T10:51:49Z",
"updated_at": "2017-11-14T06:06:07Z",
"closed_at": null,
"author_association": "OWNER",
"body": "Gauge LSP server should support publish diagnostics for spec and concept files.\r\nThe server should publish diagnostics when the document changes.\r\nThis story is part of [LSP support](https://github.com/getgauge/gauge/issues/717) for gauge.\r\n\r\n## Test cases\r\n\r\n- [x] Should show critical errors\r\n- [x] Should show spec parse errors\r\n- [x] Should show concept parse errors\r\n- [ ] Should show unimplemented steps\r\n- [ ] duplicate step definition"
},
"comment": {
"url": "https://api.github.com/repos/getgauge/gauge/issues/comments/344155838",
"html_url": "https://github.com/getgauge/gauge/issues/823#issuecomment-344155838",
"issue_url": "https://api.github.com/repos/getgauge/gauge/issues/823",
"id": 344155838,
"user": {
"login": "sguptatw",
"id": 6310197,
"avatar_url": "https://avatars0.githubusercontent.com/u/6310197?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/sguptatw",
"html_url": "https://github.com/sguptatw",
"followers_url": "https://api.github.com/users/sguptatw/followers",
"following_url": "https://api.github.com/users/sguptatw/following{/other_user}",
"gists_url": "https://api.github.com/users/sguptatw/gists{/gist_id}",
"starred_url": "https://api.github.com/users/sguptatw/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/sguptatw/subscriptions",
"organizations_url": "https://api.github.com/users/sguptatw/orgs",
"repos_url": "https://api.github.com/users/sguptatw/repos",
"events_url": "https://api.github.com/users/sguptatw/events{/privacy}",
"received_events_url": "https://api.github.com/users/sguptatw/received_events",
"type": "User",
"site_admin": false
},
"created_at": "2017-11-14T06:06:07Z",
"updated_at": "2017-11-14T06:06:07Z",
"author_association": "CONTRIBUTOR",
"body": "Issues\r\n- [ ] Unimplemented step is not getting highlighted\r\n- [ ] Duplicate step implementation is not being shown\r\n- [ ] Number of usages are also not displayed\r\n\r\n[test1.zip](https://github.com/getgauge/gauge/files/1469724/test1.zip)\r\n"
},
"repository": {
"id": 18055618,
"name": "gauge",
"full_name": "getgauge/gauge",
"owner": {
"login": "getgauge",
"id": 7044589,
"avatar_url": "https://avatars1.githubusercontent.com/u/7044589?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/getgauge",
"html_url": "https://github.com/getgauge",
"followers_url": "https://api.github.com/users/getgauge/followers",
"following_url": "https://api.github.com/users/getgauge/following{/other_user}",
"gists_url": "https://api.github.com/users/getgauge/gists{/gist_id}",
"starred_url": "https://api.github.com/users/getgauge/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/getgauge/subscriptions",
"organizations_url": "https://api.github.com/users/getgauge/orgs",
"repos_url": "https://api.github.com/users/getgauge/repos",
"events_url": "https://api.github.com/users/getgauge/events{/privacy}",
"received_events_url": "https://api.github.com/users/getgauge/received_events",
"type": "Organization",
"site_admin": false
},
"private": false,
"html_url": "https://github.com/getgauge/gauge",
"description": "Light weight cross-platform test automation",
"fork": false,
"url": "https://api.github.com/repos/getgauge/gauge",
"forks_url": "https://api.github.com/repos/getgauge/gauge/forks",
"keys_url": "https://api.github.com/repos/getgauge/gauge/keys{/key_id}",
"collaborators_url": "https://api.github.com/repos/getgauge/gauge/collaborators{/collaborator}",
"teams_url": "https://api.github.com/repos/getgauge/gauge/teams",
"hooks_url": "https://api.github.com/repos/getgauge/gauge/hooks",
"issue_events_url": "https://api.github.com/repos/getgauge/gauge/issues/events{/number}",
"events_url": "https://api.github.com/repos/getgauge/gauge/events",
"assignees_url": "https://api.github.com/repos/getgauge/gauge/assignees{/user}",
"branches_url": "https://api.github.com/repos/getgauge/gauge/branches{/branch}",
"tags_url": "https://api.github.com/repos/getgauge/gauge/tags",
"blobs_url": "https://api.github.com/repos/getgauge/gauge/git/blobs{/sha}",
"git_tags_url": "https://api.github.com/repos/getgauge/gauge/git/tags{/sha}",
"git_refs_url": "https://api.github.com/repos/getgauge/gauge/git/refs{/sha}",
"trees_url": "https://api.github.com/repos/getgauge/gauge/git/trees{/sha}",
"statuses_url": "https://api.github.com/repos/getgauge/gauge/statuses/{sha}",
"languages_url": "https://api.github.com/repos/getgauge/gauge/languages",
"stargazers_url": "https://api.github.com/repos/getgauge/gauge/stargazers",
"contributors_url": "https://api.github.com/repos/getgauge/gauge/contributors",
"subscribers_url": "https://api.github.com/repos/getgauge/gauge/subscribers",
"subscription_url": "https://api.github.com/repos/getgauge/gauge/subscription",
"commits_url": "https://api.github.com/repos/getgauge/gauge/commits{/sha}",
"git_commits_url": "https://api.github.com/repos/getgauge/gauge/git/commits{/sha}",
"comments_url": "https://api.github.com/repos/getgauge/gauge/comments{/number}",
"issue_comment_url": "https://api.github.com/repos/getgauge/gauge/issues/comments{/number}",
"contents_url": "https://api.github.com/repos/getgauge/gauge/contents/{+path}",
"compare_url": "https://api.github.com/repos/getgauge/gauge/compare/{base}...{head}",
"merges_url": "https://api.github.com/repos/getgauge/gauge/merges",
"archive_url": "https://api.github.com/repos/getgauge/gauge/{archive_format}{/ref}",
"downloads_url": "https://api.github.com/repos/getgauge/gauge/downloads",
"issues_url": "https://api.github.com/repos/getgauge/gauge/issues{/number}",
"pulls_url": "https://api.github.com/repos/getgauge/gauge/pulls{/number}",
"milestones_url": "https://api.github.com/repos/getgauge/gauge/milestones{/number}",
"notifications_url": "https://api.github.com/repos/getgauge/gauge/notifications{?since,all,participating}",
"labels_url": "https://api.github.com/repos/getgauge/gauge/labels{/name}",
"releases_url": "https://api.github.com/repos/getgauge/gauge/releases{/id}",
"deployments_url": "https://api.github.com/repos/getgauge/gauge/deployments",
"created_at": "2014-03-24T08:06:58Z",
"updated_at": "2017-11-13T14:29:48Z",
"pushed_at": "2017-11-13T14:58:45Z",
"git_url": "git://github.com/getgauge/gauge.git",
"ssh_url": "[email protected]:getgauge/gauge.git",
"clone_url": "https://github.com/getgauge/gauge.git",
"svn_url": "https://github.com/getgauge/gauge",
"homepage": "https://getgauge.io",
"size": 9569,
"stargazers_count": 932,
"watchers_count": 932,
"language": "Go",
"has_issues": true,
"has_projects": false,
"has_downloads": true,
"has_wiki": true,
"has_pages": false,
"forks_count": 147,
"mirror_url": null,
"archived": false,
"open_issues_count": 146,
"forks": 147,
"open_issues": 146,
"watchers": 932,
"default_branch": "master"
},
"organization": {
"login": "getgauge",
"id": 7044589,
"url": "https://api.github.com/orgs/getgauge",
"repos_url": "https://api.github.com/orgs/getgauge/repos",
"events_url": "https://api.github.com/orgs/getgauge/events",
"hooks_url": "https://api.github.com/orgs/getgauge/hooks",
"issues_url": "https://api.github.com/orgs/getgauge/issues",
"members_url": "https://api.github.com/orgs/getgauge/members{/member}",
"public_members_url": "https://api.github.com/orgs/getgauge/public_members{/member}",
"avatar_url": "https://avatars1.githubusercontent.com/u/7044589?v=4",
"description": "A lightweight cross platform test automation tool"
},
"sender": {
"login": "sguptatw",
"id": 6310197,
"avatar_url": "https://avatars0.githubusercontent.com/u/6310197?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/sguptatw",
"html_url": "https://github.com/sguptatw",
"followers_url": "https://api.github.com/users/sguptatw/followers",
"following_url": "https://api.github.com/users/sguptatw/following{/other_user}",
"gists_url": "https://api.github.com/users/sguptatw/gists{/gist_id}",
"starred_url": "https://api.github.com/users/sguptatw/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/sguptatw/subscriptions",
"organizations_url": "https://api.github.com/users/sguptatw/orgs",
"repos_url": "https://api.github.com/users/sguptatw/repos",
"events_url": "https://api.github.com/users/sguptatw/events{/privacy}",
"received_events_url": "https://api.github.com/users/sguptatw/received_events",
"type": "User",
"site_admin": false
},
"installation": {
"id": 49371
}
}
}
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.