mindersec / minder

Software Supply Chain Security Platform
https://minder-docs.stacklok.dev/
Apache License 2.0

secret-scanning and secret-protection rules fail remediation for private repos #1533

Closed jhrozek closed 5 months ago

jhrozek commented 1 year ago

This is expected as GH doesn't allow those features on private repos, but we shouldn't fail those remediations hard:

"remediationDetails": "cannot make request: PATCH https://api.github.com/repos/stacklok/private-repo: 422 Secret scanning is not available for this repository. []"
JAORMX commented 1 year ago

I don't know exactly what to do about this one. My first thought is to fallback and not error but still fail. The reasoning is that you might want these enabled and then figure out by yourself that you cannot have these unless you have GitHub Advanced Security. So... you might want to remove them anyway because they're not possible to enforce.

jhrozek commented 1 year ago

> I don't know exactly what to do about this one. My first thought is to fallback and not error but still fail. The reasoning is that you might want these enabled and then figure out by yourself that you cannot have these unless you have GitHub Advanced Security. So... you might want to remove them anyway because they're not possible to enforce.

I think the biggest UX win for now would be to not show the scary-looking error (who knows what HTTP 422 means?) but have a nice error message that tells you exactly what failed and why - and direct to GHAS for private repos as we can't really do much ourselves.
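One way to get the behaviour discussed in this thread (not a hard failure, but a readable message pointing at GitHub Advanced Security), as an added Go example that is not Minder's own code: a hypothetical helper that classifies the GitHub API response instead of surfacing the raw 422. The sample 422 body is constructed from the message quoted in the issue.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// RemediationOutcome separates a genuine failure from a feature the
// repository simply cannot have, so the UI can word the two differently.
type RemediationOutcome int

const (
	OutcomeOK          RemediationOutcome = iota
	OutcomeFailed                         // unexpected API error: report it as-is
	OutcomeUnsupported                    // feature not available on this repo
)

// ErrUnsupportedFeature is a sentinel callers can check with errors.Is.
var ErrUnsupportedFeature = errors.New("feature not available for this repository")

// ClassifyGitHubError maps a GitHub API status and body to an outcome
// (hypothetical helper). A 422 whose body says secret scanning is not
// available is reported as "unsupported" with an explanation rather than
// as a raw "cannot make request" failure.
func ClassifyGitHubError(status int, body, repo string) (RemediationOutcome, error) {
	switch {
	case status >= 200 && status < 300:
		return OutcomeOK, nil
	case status == http.StatusUnprocessableEntity &&
		strings.Contains(body, "Secret scanning is not available"):
		return OutcomeUnsupported, fmt.Errorf(
			"%w: secret scanning cannot be enabled on %s; private repositories "+
				"need GitHub Advanced Security", ErrUnsupportedFeature, repo)
	default:
		return OutcomeFailed, fmt.Errorf("cannot make request: %d %s", status, body)
	}
}

func main() {
	// Constructed sample: the response body quoted in the issue.
	body := "Secret scanning is not available for this repository. []"
	outcome, err := ClassifyGitHubError(422, body, "stacklok/private-repo")
	fmt.Println(outcome == OutcomeUnsupported, err)
}
```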

evankanderson commented 5 months ago

We fixed this without noticing there was this issue to close.