search

github / safe-settings

ISC License
616 stars 148 forks source link

Initial repository creation working, but no (initial or subsequent) configuration changes are applied #680

Closed milesarmstrong closed 2 months ago

milesarmstrong commented 2 months ago

Problem Description

Repo creation is working, but no configuration is being applied.

What is actually happening

The initial state is as follows:

deployment-settings.yml:

  configvalidators: []
  overridevalidators: []
  restrictedRepos:
    exclude: []
    include:
    - ^miles-new-test$

.github/settings.yml

N.B. I initially tried with an empty settings.yml, but thought I might have to provide some basic config for things to work properly.

repository:
  default_branch: main

  collaborators: []

  teams: []

.github/repos/miles-new-test.yml

repository:
  force_create: true
  private: true
  auto_init: true

  collaborators:
    - username: milesarmstrong
      permission: admin

the miles-new-test repository was successfully created, is private, and had an init commit, but I was not added as an admin.

In a subsequent PR I made the following change:

.github/repos/miles-new-test.yml

--- a/.github/repos/miles-new-test.yml
+++ b/.github/repos/miles-new-test.yml
@@ -6,3 +6,20 @@ repository:
   collaborators:
     - username: milesarmstrong
       permission: admin
+    - username: jace-ys
+      permission: admin
+
+  branches:
+    - name: default
+      protection:
+        required_pull_request_reviews:
+          required_approving_review_count: 1
+          dismiss_stale_reviews: true
+          require_code_owner_reviews: false
+          require_last_push_approval: false
+          required_signatures: false
+          bypass_pull_request_allowances: null
+          dismissal_restrictions: {}
+        required_status_checks: null
+        enforce_admins: true
+        restrictions: null

The PR comment shows: image

and the PR check shows: image

On merging the PR, no configuration settings are updated, but the main branch check shows: image

What is the expected behavior

The configuration changes should be applied when the PR is merged.

I would also assume the PR comment wouldn't show the full config object under Additions for subsequent config changes, instead should show either the new configuration only under Additions, or show the changes under Modifications

Based on the screenshots in https://github.com/github/safe-settings?tab=readme-ov-file#pull-request-workflow, I'd also expect the PR check output to have a Collaborators Settings column with a 🖐️.

Error output, if available

Here's the trace logging from that time period: safe-settings.jsonl.log

I can't see any obvious errors in the logs, though there a few cases where the word undefined or things like [object Object] appear in log messages.

Context

Are you using the hosted instance of probot/settings or running your own?

Running our own, in kubernetes via the Helm chart provided.

If running your own instance, are you using it with github.com or GitHub Enterprise?

github.com (Team plan)

Version of probot/settings

ghcr.io/github/safe-settings:2.1.11

Version of GitHub Enterprise

N/A

Github App Permissions/Events

GitHub Apps - duffel-safe-settings

milesarmstrong commented 2 months ago

🤦‍♂️ I just can't read YAML formatting.

collaborators and teams are top-level keys.

Thanks for saving me from myself @Brad-Abrams