Valid Owner Checker should report if the owner doesn't have Write access #157
Milestone
Comments
|
this would be lovely |
This was referenced Apr 23, 2024
infinisil
added a commit
to NixOS/org
that referenced
this issue
Apr 26, 2024
We shouldn't use personal access tokens, instead we created a GitHub App with read-only access to just this repository. While codeowners-validator supports GitHub App authentication, the same cannot be said for the hacky script I wrote because there was no support for checking write access: mszostok/codeowners-validator#157 Instead of trying to hack the script more to make it work with GitHub App authentication, I decided to implement it into codeowners-validator itself: mszostok/codeowners-validator#222 Because it's not merged/released yet, we need to build it ourselves, so I added some Nix to do that reproducibly.
infinisil
added a commit
to NixOS/org
that referenced
this issue
Apr 26, 2024
We shouldn't use personal access tokens, instead we created a GitHub App with read-only access to just this repository. While codeowners-validator supports GitHub App authentication, the same cannot be said for the hacky script I wrote because there was no support for checking write access: mszostok/codeowners-validator#157 Instead of trying to hack the script more to make it work with GitHub App authentication, I decided to implement it into codeowners-validator itself: mszostok/codeowners-validator#222 Because it's not merged/released yet, we need to build it ourselves, so I added some Nix to do that reproducibly.
infinisil
added a commit
to NixOS/org
that referenced
this issue
Apr 26, 2024
We shouldn't use personal access tokens, instead we created a GitHub App with read-only access to just this repository. While codeowners-validator supports GitHub App authentication, the same cannot be said for the hacky script I wrote because there was no support for checking write access: mszostok/codeowners-validator#157 Instead of trying to hack the script more to make it work with GitHub App authentication, I decided to implement it into codeowners-validator itself: mszostok/codeowners-validator#222 Because it's not merged/released yet, we need to build it ourselves, so I added some Nix to do that reproducibly.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, the Valid Owner Checker performs the following checks:
In Step 3, instead of checking whether the owner is a member of the organization, the Valid Owner Checker should check whether the owner has Write or Admin access to the repository.
Reasons
This is consistent with the native GitHub codeowners validation check that appears in the GitHub web interface. Only a code owner with Write access or greater can approve PRs: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/approving-a-pull-request-with-required-reviews
This change would lead the codeowners validator status check to report failure under the following scenarios, consistent with the native validation check:
In the GitHub native codeowners validator, each of these would result in the following error:
Clicking the ellipsis shows more details about the error.
The text was updated successfully, but these errors were encountered: