octokit / app-permissions Goto Github PK

Good to know.

I guess we need app-permissions for the different GH* version as well, or add a key stating in which versions the permission is supported?

For now, I'd suggest to merge and create a follow up issue, so that we are unblocked for further updates

Originally posted by @gr2m in #103 (comment)

What’s missing?

We currently only export a file for api.github.com as documented on https://docs.github.com/en/rest/reference/permissions-required-for-github-apps. But there are versions of this article for all currently supported GHES version:

Why?

Because there are differences between api.github.com and GHES, and in between the different GHES versions

Alternatives you tried

🤷‍♂️

What’s missing?
To automatically add maintainance label to PR's automatically opened by Octokit Bot updating cache/api.github.com.html

Why?
To avoid manual work by reviewers to add maintainance label.

It is a required check to be able to merge:

Alternatives you tried

• GitHub App / GitHub Action in charge of opening the PR add this missing label
• To evaluate existing GitHub Apps to do this job
  • GitHub App: https://github.com/apps/probot-autolabeler
  • GitHub App: https://github.com/apps/auto-labeler
  • GitHub Action: https://github.com/actions/labeler
  • ...

follow up https://mobile.twitter.com/rarkins/status/1295306432812810241 /ping @rarkins

Here is what I think this could work, everything is up for discussion

1. Scrape the Permissions required for GitHub Apps documentation page on a daily basis using GitHub Actions
2. Cache the HTML in a file in the repository for easier debugability
3. Turn the HTML to a JSON format using cheerio. Turn the descriptions into markdown using turndown
4. If there is a change, create a pull request
5. Upon merge, automatically publish a new version to npm (@octokit/app-permissions)

The JSON output could look something like this, e.g. for the issues permission:

{
  // ...
  "issues": {
    "description": "Issues and pull requests are closely related. For more information, see \"[List issues assigned to the authenticated user](https://docs.github.com/en/rest/reference/issues#list-issues-assigned-to-the-authenticated-user). If your GitHub App has ...\"",
    "access-by-path": {
      "GET /repos/{owner}/{repo}/issues": "read",
      "POST /repos/{owner}/{repo}/issues": "write",
      // ...
    }
  },
  // ...
}

Once we have that working, we could work on

1. Add versions for GHES versions
2. Upload the resulting JSON files as artefacts to GitHub releases
3. Setup a release notifier for people who want to consume the JSON file but are not working with JS, compare https://github.com/apps/openapi-release-notifier

What’s missing?

All keys and values are currently added in the order they are documented on https://docs.github.com/en/rest/reference/permissions-required-for-github-apps. We should order all keys and values alphabetically instead.

Why?

We will receive pull requests for every future change in the documentation at https://docs.github.com/en/rest/reference/permissions-required-for-github-apps. The reviews of these changes will be much easier if all keys and values are sorted, and it will prevent false positives in case only the order was changed in the documentation, without an actual change to keys or values

Alternatives you tried

n/a

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Location: package.json
Error type: The renovate configuration file contains some invalid settings
Message: Invalid configuration option: author, Invalid configuration option: keywords, Invalid configuration option: license, Invalid configuration option: main, Invalid configuration option: name, Invalid configuration option: packageRules[0].cheerio, Invalid configuration option: packageRules[0].got, Invalid configuration option: packageRules[0].minimist, Invalid configuration option: packageRules[0].prettier, Invalid configuration option: packageRules[0].semantic-release, Invalid configuration option: publishConfig, Invalid configuration option: release, Invalid configuration option: renovate, Invalid configuration option: scripts, Invalid configuration option: version

What’s missing?

An app can only subscribe to events based on the permissions it requested. For example, an app will not receive push events if it does not at least have read access for the contents permission.

I am not sure if that relation is documented anywhere though. What we could do is maintain this list manually. When creating / updating a GitHub App registration, the events show up at the bottom of the Options page when enabling / disabling permissions. We could write a script that we can just run in the browser to toggle the permissions one-by-one and read out the events that are displayed. Then at the end spit out a JSON object that we can paste back into our code base.

Why?

See probot/probot#1317. We could validate the app.yml file locally, without relying on GitHub's server response, and provide a error message / user experience.

Alternatives you tried

This issue contains a list of Renovate updates and their statuses.

Awaiting Schedule

These updates are awaiting their schedule. Click on a checkbox to ignore the schedule.

• fix(deps): lock file maintenance

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• chore(deps): update actions/setup-node action to v2.1.4

• Check this box to trigger a request for Renovate to run again on this repository

What happened?
Octokit Bot automated PR's are not being labeled with maintainance label

i.e. #34

What did you expect to happen?
After this change (fe8fc69), automated PR's opened by Octokit Bot should be labeled with maintainance label, but they are not.

What the problem might be
For what I see in the logs of the GitHub Action, looks like the app does not have permissions on this repository for updating labels. Could be that?

https://github.com/octokit/app-permissions/runs/1713277148?check_suite_focus=true