This epic aims to address the challenges related to syncing repositories, managing permissions, and ensuring proper access control when fetching and syncing repositories. There are likely many, many enhancements we can do across the stack, but we'll try to label the problems in "large" buckets worth tackling that we can then further refine and create individual tickets for below.
Issues to Address:
Private Repository Visibility:
Issue: Private repositories are visible in Codecov even after being turned from public to private on GitHub.
Root Cause: If a user doesn't give us permission to access "all repositories," we lose the ability to "see" repositories as they become private. This leads to stale, out-of-sync repositories in our DB, and a headache for users who simply want their repositories to be hidden but find they are not, because we never sync them again. Other related cases exist too, such as repositories being removed from GitHub.
Initial Installation Repositories + App Installation vs. Publicly Available Repos:
Issue 1: Repositories granted access during installation are synced, but so are all public repositories, potentially leading to "over fetching."
Issue 2: The user has no visibility into which repositories are being fetched because of app installation permissions versus the public nature of the repositories.
Root Cause: GitHub's REST API, with the associated token, will return every repository of the user's that the token is able to access, regardless of which repositories they have personally granted us access to. This may not be exactly what the user wants, or maybe it is?
User Permissions and Sync Logic:
Issue: User syncs all organizations related to them
Root Cause: Similar to the above, but when the user actually clicks "sync" we are syncing ALL organizations the user has access to, which likely leads to additional syncs (read: requests contributing to rate limit issues) when they may only want "freshness" for that particular repo. While it's great we're making their life "easier" by syncing everything all at once for them, it's not needed.
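To make the three root causes above concrete, here is an added example (not Codecov's code) of a least-privilege reconciliation step for one owner: it treats the set of repositories granted to the app installation as the source of truth, ignores anything the user token over-fetched, and hides any stored repository it can no longer see rather than leaving it stale. The Repo/SyncPlan types and the sample data are constructed for this illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Repo:
    owner: str
    name: str
    private: bool

    @property
    def full_name(self) -> str:
        return f"{self.owner}/{self.name}"


@dataclass
class SyncPlan:
    add: list = field(default_factory=list)
    update_visibility: list = field(default_factory=list)  # (full_name, private)
    hide: list = field(default_factory=list)               # no longer visible or granted
    skipped_overfetch: list = field(default_factory=list)  # fetched but never granted


def plan_sync(db_repos: dict, fetched: list, granted: set, owner: str) -> SyncPlan:
    """Reconcile stored repos for a single owner (hypothetical policy, not Codecov's).

    db_repos: full_name -> Repo as currently stored
    fetched:  every Repo the user token returned (the over-fetched set)
    granted:  full names the app installation was explicitly given access to
    owner:    only this org/user is refreshed, so a 'sync' click stays cheap
    """
    plan = SyncPlan()
    # Only repos that are both in scope and granted are allowed to be visible.
    visible = {r.full_name: r for r in fetched if r.owner == owner and r.full_name in granted}
    plan.skipped_overfetch = sorted(
        r.full_name for r in fetched if r.owner == owner and r.full_name not in granted)
    for full_name, repo in sorted(visible.items()):
        stored = db_repos.get(full_name)
        if stored is None:
            plan.add.append(full_name)
        elif stored.private != repo.private:
            plan.update_visibility.append((full_name, repo.private))
    # Fail closed: anything stored for this owner that we can no longer see is hidden.
    for full_name, stored in sorted(db_repos.items()):
        if stored.owner == owner and full_name not in visible:
            plan.hide.append(full_name)
    return plan


def demo_plan() -> SyncPlan:
    # Constructed sample: 'acme/api' went private, 'acme/old' vanished,
    # 'acme/public-fork' is public but was never granted to the installation.
    db = {r.full_name: r for r in [Repo("acme", "api", False), Repo("acme", "web", False),
                                   Repo("acme", "old", False), Repo("other", "x", False)]}
    fetched = [Repo("acme", "api", True), Repo("acme", "web", False),
               Repo("acme", "public-fork", False), Repo("other", "x", True)]
    return plan_sync(db, fetched, {"acme/api", "acme/web", "acme/new"}, "acme")
```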
Similar thoughts and enhancements are also written in long form by @adrian-codecov here: https://github.com/codecov/engineering-team/issues/1549