Open a Pull Request instead of committing directly to master

[zeke]

Hi @TiagoDanin. This bot is awesome! Thanks for creating it.

When I installed it, I expected to see a Pull Request but instead I see a commit right on the master branch. This is faster and convenient, but it didn't give me an opportunity as the project owner to review the change before merging.

I know it will be more work to open a pull request, but that seems like a more suitable behavior.

[TiagoDanin]

Done! Ref: https://github.com/TiagoDanin/Add-License-Bot/commit/251e6706ad78c122d77d49d7a89d69f60a582053

[zeke]

Sweet! That was fast. Let me know when this is deployed and I will try it out on another repo.

[zeke]

Why is write permission now needed for the whole repo? To create a branch?

[billiegoose]

@zeke I kind of liked that it only had read/write access to a single file before. And I am not interested in getting 30 PRs I have to merge, lol.

Yeah, sadly Github's permission system is wack.

[zeke]

☝️ Maybe you're right. Could it be an option somehow?

If it does commit to master, maybe it should also open an issue and @-mention the owner so it's more noticeable that something happened? Just thinking out loud...

[billiegoose]

... or it could just be a silent do-gooding ninja that I :heart: that doesn't contribute to my notification anxiety.

Lol @zeke could you just fork it? 😁 On a more serious note... is it possible for Probot to run with 2 different sets of OAuth permissions? I feel like to avoid the "full read/write to the repo" permission and go back to the "read/write access to a single file" permission it might have to be a separate bot.

[TiagoDanin]

Why is write permission now needed for the whole repo? To create a branch?

Yes!

maybe it should also open an issue and @-mention the owner so it's more noticeable that something happened...

Or mention in Commit.

[TiagoDanin]

"Single file" permission is more safer. (Ref: https://github.com/TiagoDanin/Add-License-Bot/commit/859628f1aff3932362e6df924070a4fc844d3782).