search

BonnyCI / projman

A project management repository -- meta
0 stars 2 forks source link

Can't use BonnyCI integration and branch protection #226

Open jamielennox opened 7 years ago

jamielennox commented 7 years ago

When using the BonnyCI integration it creates a bonnyci[bot] user. Github doesn't view this as a real user and so you can't select it in the branch protection drop down. This means you can't use the integration and have branch protection enabled which is going to be a really common situation.

Forum issue: https://platform.github.community/t/repositories-which-have-protected-branches-with-push-restrictions-have-no-ability-to-grant-push-rights-to-integrations/1376/6

jamielennox commented 7 years ago

I also emailed github and got a non committal response:

Hi Jamie,

Thanks for writing in about this.

You're absolutely right, the 'restrict who can push' protected branch set up is looking for real users or teams in your organisation, not bots.

I don't have a timeline of when improvements to this situation may be available, but I've added your feedback to the internal issue our engineering team has open about this.

Let us know if we can help with anything else.

Thanks, Alex

Hi,

We're in the process of replacing our bot with an integration and have come across something that will be a blocker for us rolling out. We need our integration to be the user that performs merges on a repository and I've recently been in contact with you working through the last issues to make it so integrations were correctly closing the associated pull requests and issues.

We've come now to the point where we need to restrict who is able to push to a branch. Ideally for our integration the only people that would be able to push to master is our bot and maybe a super-admin as an escape hatch. Everything else should go through the integration.

Unfortunately this doesn't work when settings up branch restrictions. Though we have a user we can identify as part of the integration, this is not a "real" user and can't be selected as one of a restricted few able to push to master in the restriction list.

Ideally we would set up this relationship so our bot user is on the restricted branch user list automatically at integration installation time - but I'm not overly concerned about that immediately. But not being able to instruct users to set up branch restrictions at all means we force them to widen the number of people with push permissions, not shrink it as we are trying to do.

Is there any information or timeline you can give me on getting this fixed?

Thanks for your help,

Jamie Lennox