Issue creation failing with 422

[ddgenome]

Here is a sample from the logs for an atomist-sdm build:

2019-05-29T14:37:23.318Z [w:16:2e60e778-d247-4253-94fd-09ce106f6981:atomist-community:FulfillGoalOnRequested:90495] [info ] Request to 'https://api.github.com/search/issues?q=is:issue+repo:atomist/atomist-sdm+%22Code%20Inspection:%20npm%20audit%20on%20dependabot/npm_and_yarn/semver-6.1.1%22' to get issues
2019-05-29T14:37:23.472Z [w:16:2e60e778-d247-4253-94fd-09ce106f6981:atomist-community:FulfillGoalOnRequested:90649] [info ] Creating issue {"title":"Code Inspection: npm audit on dependabot/npm_and_yarn/semver-6.1.1","body":"### marked:>=0.3.14 <0.6.2\n\n- _(warn)_ [Regular Expression Denial of Service](https://npmjs.com/advisories/812) _Upgrade to version 0.6.2 or later._ \n  - `marked:0.4.0`: \n    - `typedoc>marked`\n\n\n\n[atomist:code-inspection:dependabot/npm_and_yarn/semver-6.1.1=@atomist/atomist-sdm]","assignees":["dependabot-preview[bot]"],"labels":["enhancement"]} from review comment
2019-05-29T14:37:23.473Z [w:16:2e60e778-d247-4253-94fd-09ce106f6981:atomist-community:FulfillGoalOnRequested:90650] [info ] Request to 'https://api.github.com/repos/atomist/atomist-sdm/issues' to create issue
2019-05-29T14:37:23.717Z [w:16:2e60e778-d247-4253-94fd-09ce106f6981:atomist-community:FulfillGoalOnRequested:90894] [error] Failed to create issue: Request failed with status code 422
2019-05-29T14:37:23.721Z [w:16:2e60e778-d247-4253-94fd-09ce106f6981:atomist-community:FulfillGoalOnRequested:90899] [error] Review listener GitHub Issue Review Listener failed. Stack: Error: Failed to create issue: Request failed with status code 422
    at createError (/sdm/node_modules/@atomist/sdm-pack-issue/node_modules/axios/lib/core/createError.js:16:15)
    at settle (/sdm/node_modules/@atomist/sdm-pack-issue/node_modules/axios/lib/core/settle.js:18:12)
    at IncomingMessage.handleStreamEnd (/sdm/node_modules/@atomist/sdm-pack-issue/node_modules/axios/lib/adapters/http.js:201:11)
    at IncomingMessage.emit (events.js:198:15)
    at IncomingMessage.EventEmitter.emit (domain.js:481:20)
    at endReadableNT (_stream_readable.js:1142:12)
    at processTicksAndRejections (internal/process/task_queues.js:81:17)
2019-05-29T14:37:23.722Z [w:16:2e60e778-d247-4253-94fd-09ce106f6981:atomist-community:FulfillGoalOnRequested:90899] [debug] Review listener GitHub Issue Review Listener error: Failed to create issue: Request failed with status code 422
2019-05-29T14:37:23.722Z [w:16:2e60e778-d247-4253-94fd-09ce106f6981:atomist-community:FulfillGoalOnRequested:90899] [debug] Failing autoinspect goal because a review listener failed.

[ddgenome]

I'd bet the issue is the assignees: "assignees":["dependabot-preview[bot]"]

[ddgenome]

Indeed, here is the body of the response from the GitHub.com API:

{
  "message": "Validation Failed",
  "errors": [
    {
      "value": "dependabot-preview[bot]",
      "resource": "Issue",
      "field": "assignees",
      "code": "invalid"
    }
  ],
  "documentation_url": "https://developer.github.com/v3/issues/#create-an-issue"
}

[cdupuis]

I guess we need to check if the assignee is a contributor of the project. Or not assign the issue at all.

[ddgenome]

In the case the issue is that we are trying to assign the issue to a non-user, I'm guessing an app in this case, https://github.com/marketplace/dependabot-preview . So at the very least we need to make sure the assignee is a user.

@cdupuis how would you determine if a user was a contributor? See if any of their email address appear in any of the commits as an author? Test for membership in the org? Push access to the repo?

[cdupuis]

Would this api call help? https://developer.github.com/v3/repos/#list-contributors

[ddgenome]

That API endpoint actually returns "dependabot-preview[bot]" as one of the contributors, so that won't work.

[ddgenome]

And querying the user endpoint for that user also works:

$ curl -H 'Accept: application/vnd.github.v3+json' -X GET 'https://api.github.com/users/dependabot-preview%5Bbot%5D'
{
  "login": "dependabot-preview[bot]",
  "id": 27856297,
  "node_id": "MDM6Qm90Mjc4NTYyOTc=",
  "avatar_url": "https://avatars3.githubusercontent.com/in/2141?v=4",
  "gravatar_id": "",
  "url": "https://api.github.com/users/dependabot-preview%5Bbot%5D",
  "html_url": "https://github.com/apps/dependabot-preview",
  "followers_url": "https://api.github.com/users/dependabot-preview%5Bbot%5D/followers",
  "following_url": "https://api.github.com/users/dependabot-preview%5Bbot%5D/following{/other_user}",
  "gists_url": "https://api.github.com/users/dependabot-preview%5Bbot%5D/gists{/gist_id}",
  "starred_url": "https://api.github.com/users/dependabot-preview%5Bbot%5D/starred{/owner}{/repo}",
  "subscriptions_url": "https://api.github.com/users/dependabot-preview%5Bbot%5D/subscriptions",
  "organizations_url": "https://api.github.com/users/dependabot-preview%5Bbot%5D/orgs",
  "repos_url": "https://api.github.com/users/dependabot-preview%5Bbot%5D/repos",
  "events_url": "https://api.github.com/users/dependabot-preview%5Bbot%5D/events{/privacy}",
  "received_events_url": "https://api.github.com/users/dependabot-preview%5Bbot%5D/received_events",
  "type": "Bot",
  "site_admin": false,
  "name": null,
  "company": null,
  "blog": "",
  "location": null,
  "email": null,
  "hireable": null,
  "bio": null,
  "public_repos": 0,
  "public_gists": 0,
  "followers": 0,
  "following": 0,
  "created_at": "2017-04-21T12:03:36Z",
  "updated_at": "2019-05-23T08:20:18Z"
}

[ddgenome]

Trying to create the issue with assignees set to ["dependabot-preview%5Bbot%5D"] also fails validation.

[ddgenome]

I guess the options are to not assign the issue or to try to assign and then not assign if trying to assign returns 422 with a body indicating an assignee is invalid. Thoughts?

[ddgenome]

We talked about this and decided to create issues without any assignees. If that fails, report the error. If it succeeds, try to assign the issue to the committer, ignoring any failure.