Safe Setting Startup error

[ht1792]

I am trying to setup safe setting app and I’m not quite sure as to why it is failing or what it is trying to do. Is the application trying to access the GitHub API or is it trying to access smee.io?

$ export LOG_LEVEL=debug
$ export http_proxy=http://proxy.conexus.svc.local:3128
$ export https_proxy=http://proxy.conexus.svc.local:3128
$ export ADMIN_REPO=APM0044937-github-safe-settings

$ cat .env
# The organization where you want to register the app in the app creation manifest flow.
# If set, the app is registered for an organization (https://github.com/organizations/ORGANIZATION/settings/apps/new),
# if not set, the GitHub app would be registered for the user account (https://github.com/settings/apps/new).
GH_ORG=ATT-DP9-Testing

# The ID of your GitHub App
APP_ID=409514
WEBHOOK_SECRET=xyz

# Uncomment this to get verbose logging
LOG_LEVEL=debug # or `info` to show less

# Go to https://smee.io/new set this to the URL that you are redirected to.
WEBHOOK_PROXY_URL=https://smee.io/NHxEtSXCNSM46MOc

# Uncomment this to get GitHub comments for the Pull Request Workflow.
# ENABLE_PR_COMMENT=true

CRON="* * * * *"

$ npm run dev

> safe-settings@0.1.0-rc.26 dev
> nodemon --inspect

[nodemon] 3.0.1
[nodemon] to restart at any time, enter `rs`
[nodemon] watching path(s): .env *.*
[nodemon] watching extensions: js,mjs,cjs,json
[nodemon] starting `npm start --inspect`

> safe-settings@0.1.0-rc.26 start
> probot run ./index.js

"repository_ruleset" is not a known webhook name (https://developer.github.com/v3/activity/events/types/)
INFO (server): Running Probot v12.3.1 (Node.js: v20.8.1)
INFO (server): Forwarding https://smee.io/NHxEtSXCNSM46MOc to http://localhost:3000/
INFO (server): Listening on http://localhost:3000
DEBUG (probot): running a task every minute
DEBUG (probot): running a task every minute
ERROR (server):
    type: "error"
    message: "connect ETIMEDOUT 20.119.128.0:443"
DEBUG (probot): running a task every minute
DEBUG (probot): running a task every minute
DEBUG (probot): running a task every minute
ERROR (server):
    type: "error"
    message: "connect ETIMEDOUT 20.119.128.0:443"
DEBUG (probot): running a task every minute
DEBUG (probot): running a task every minute
ERROR (server):
    type: "error"
    message: "connect ETIMEDOUT 20.119.128.0:443"
DEBUG (probot): running a task every minute
DEBUG (probot): running a task every minute
ERROR (server):
    type: "error"
    message: "connect ETIMEDOUT 20.119.128.0:443"
DEBUG (octokit): GitHub request: GET https://api.github.com/app/installations?per_page=100 - 500
/opt/app/scm/app/gitmonitor-app/safe-settings/node_modules/@octokit/request/dist-node/index.js:108
    throw new requestError.RequestError(error.message, 500, {
          ^

RequestError [HttpError]: request to https://api.github.com/app/installations?per_page=100 failed, reason: connect ETIMEDOUT 140.82.112.5:443
    at /opt/app/scm/app/gitmonitor-app/safe-settings/node_modules/@octokit/request/dist-node/index.js:108:11
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async hook (/opt/app/scm/app/gitmonitor-app/safe-settings/node_modules/@octokit/auth-app/dist-node/index.js:409:18)
    at async Job.doExecute (/opt/app/scm/app/gitmonitor-app/safe-settings/node_modules/bottleneck/light.js:405:18) {
  status: 500,
  request: {
    method: 'GET',
    url: 'https://api.github.com/app/installations?per_page=100',
    headers: {
      accept: 'application/vnd.github.v3+json',
      'user-agent': 'probot/12.3.1 octokit-core.js/3.5.1 Node.js/20.8.1 (linux; x64)',
      authorization: 'bearer [REDACTED]'
    },
    request: {
      hook: [Function: bound bound register],
      retryCount: 3,
      retries: 3,
      retryAfter: 16
    }
  }
} 
Node.js v20.8.1
[nodemon] app crashed - waiting for file changes before starting...

[antgrutta]

@ht1792, while safe-settings is a great tool, I am not sure of its long-term supportability. I have had a lot of success with other customers using the Terraform GitHub provider which, in my opinion, is much more fully featured: https://registry.terraform.io/providers/integrations/github/latest/docs. If you like I can walk you through a small demo and we can talk through how your use cases might translate.

[svg153]

Hi @ht1792

I couldn't get it to work with smee, but I did with ngrok. Here you have my test repo and demos with information to be able to set it up.

https://github.com/svg153-org/admin/blob/main/apps/safe-settings-local/README.md

I also leave you a video, in Spanish, where I talk about how it works and another in English

Remove the CRON every minute, it can give RATE limit. Play it every hour.

[svg153]

Another option, as @antgrutta say, is the Terraform provider, but it depends on the technical background you have, the number of repositories and complexity of each one that you also have in the organization.

Unlike Terraform, here you already have the logic of hierarchy and extensibility for repository configuration, labels, term permissions, etc and a gitops approach that prevents manual changes by automatically applying the correct state, (although only for some events). But it is true that with Terraform provider you can manage many more resources than you can manage with safe-settings, such as, team members (which I think is a functionality that should have safe-settings at some point, in another file from org.yaml or similar) and organization members, among others.

In the case of Terraform, to be able to define the reality of your github organization in Terraform, I recommend that you look at Terraformer for GitHub. Although it doesn't have many resources, at least if you have many repositories, it creates the base for you.

[ht1792]

Hi @antgrutta / @svg153

Thanks for the information, I am currently using the GitHub terraform provider to manage org settings. I will extend my currently implementation to include repositories. My goal was to investigate all available options, since safe-settings long-term supportability is iffy I will move my attention back to terraform.

[svg153]

Perfect @ht1792. Close the issue if you want.