Closed alexellis closed 5 years ago
This is where we need to make a change: https://github.com/alexellis/derek/blob/9aadd63d106b92907107d5c6172140024d30f53d/handler/permissionsHandler.go#L89
I'll start by setting up Derek on a private repo and reproducing this issue :+1:
I also saw `No customer for ComparetheMarket` in the logs, which means there needs to be a PR to this file: https://github.com/alexellis/derek/blob/master/.CUSTOMERS
Derek did the right thing by using the ACL, but I think we still need this PR.
Alex
We need to start parsing the private repo status:
```json
{
  "repository": {
    "id": 13379,
    "node_id": "xyz=",
    "name": "repo",
    "full_name": "owner/repo",
    "private": true
  }
}
```
I raised #117 to give a logging message and add the Private repo flag. The PR @matipan is working on is still needed.
I was able to reproduce the issue using a new derek installation on my OpenFaaS GKE cluster. I started to make a few changes and noticed what you mentioned previously. We will need to make adjustments for fetching .CUSTOMERS as well.
I believe I have this working. If you want @alexellis I can give you access to the private repo I'm using to test this :+1:
A bit of evidence to show that it is working:
Forgot to mention. I had to give Read-only access to the repository contents, we'll probably want to document that on the guides clarifying that the permission is only necessary for private files.
My current SaaS version of Derek already has read-only on contents, so we should update the docs if that's not clear. Fortunately existing users won't have to update permissions.
Alex
> We will need to make adjustments for fetching .CUSTOMERS as well.
I'm not sure that this is the case, the CUSTOMERS file is configured once per Derek instance and the ACL could be in a separate public repo. I haven't seen a requirement for a private Derek ACL yet, but if we get it then it should be tracked as a new issue.
You are right :+1: I'm going through the contributing guide now to make sure I follow the correct steps to create a PR.
PR raised: #119
Derek close: implemented in #119
Expected Behaviour
I visited CompareTheMarket today who have a use-case for Derek for delegation of how people label issues without admin access to inner-source repos.
They want Derek to work on their private repos.
Current Behaviour
Derek reads from a CDN for all repos, but with the private ones there is no CDN.
Possible Solution
Find out if the event came from a private repo by using the metadata of the event. If private, grab .DEREK.yml from the GitHub API. If not, then go ahead and fall back to the CDN.
Steps to Reproduce (for bugs)
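As an added example (not derek's own code), one way to implement the branch described under "Possible Solution": read `repository.private` from the webhook payload, fetch .DEREK.yml through the GitHub contents API for private repos and fall back to the CDN otherwise. The `Fetcher` interface and `fakeFetcher` are assumptions made for this illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// webhookEvent is the subset of a GitHub event payload needed here; field names match the "repository" object quoted in the thread.
type webhookEvent struct {
	Repository struct {
		FullName string `json:"full_name"`
		Private  bool   `json:"private"`
	} `json:"repository"`
}

// Fetcher abstracts where .DEREK.yml is read from (hypothetical interface for this example, not derek's own code).
type Fetcher interface {
	FromCDN(fullName string) ([]byte, error) // public repos: no auth needed
	FromAPI(fullName string) ([]byte, error) // private repos: needs read-only contents permission
}

// LoadDerekConfig reads repository.private from the raw webhook payload and picks the source, returning which one was used so callers can log it.
func LoadDerekConfig(payload []byte, f Fetcher) (cfg []byte, source string, err error) {
	var ev webhookEvent
	if err := json.Unmarshal(payload, &ev); err != nil {
		return nil, "", fmt.Errorf("parse webhook: %w", err)
	}
	if ev.Repository.FullName == "" {
		return nil, "", fmt.Errorf("webhook payload has no repository.full_name")
	}
	if ev.Repository.Private {
		cfg, err = f.FromAPI(ev.Repository.FullName)
		return cfg, "api", err
	}
	cfg, err = f.FromCDN(ev.Repository.FullName)
	return cfg, "cdn", err
}

// fakeFetcher stands in for the real CDN/API clients in the stand-alone demo.
type fakeFetcher struct{}

func (fakeFetcher) FromCDN(n string) ([]byte, error) { return []byte("cdn:" + n), nil }
func (fakeFetcher) FromAPI(n string) ([]byte, error) { return []byte("api:" + n), nil }

func main() {
	// Constructed payload modelled on the snippet posted in the thread.
	payload := []byte(`{"repository":{"full_name":"owner/repo","private":true}}`)
	cfg, src, err := LoadDerekConfig(payload, fakeFetcher{})
	fmt.Println(string(cfg), src, err) // api:owner/repo api <nil>
}
```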