step-security / secure-repo

Orchestrate GitHub Actions Security
https://app.stepsecurity.io
GNU Affero General Public License v3.0

Bug: PR creation fails without message #2445

Open jasonkarns opened 3 months ago

jasonkarns commented 3 months ago

I have used the analyze and PR creation flow a couple of times on other repos in the same org, so I believe I have authorized correctly.

However, I'm now getting errors trying to create PRs for another repo in the same org: nodenv/.github.

There is no error message in the UI. After clicking the Create Pull Request, I get the dialog for the PR subject/description. I click Create Pull Request button again from the dialog. It says "creation can take up to 30sec" (as it did before).

About 15 seconds later, I get an error without a message. And no PR is opened on the repo.

varunsh-coder commented 3 months ago

@jasonkarns thanks for creating this issue! We have a known issue where if someone has created a PR for a repo in an org, the PR creation fails for the same repo name in a different org. It has to do with the fork of the repo that is created in the step-security-bot account.

I have deleted the previous fork of .github in the step-security-bot account for now, so it should work for you. We will address the root cause of the issue in the future.

jasonkarns commented 3 months ago

@varunsh-coder ah, thanks! I can see that being problematic (especially considering the number of repos whose names are not optional; .github being a special repo that must have that name in order for it to be respected by GitHub's tooling).

pSub commented 2 months ago

I think I'm having the same issue with my repository pSub/configs. I get an error without a message, and when I look at the corresponding HTTP request, it contains the error 422 Object does not exist [], which indicates that it tries to find the commit of my repo in a different repo with another name.

Edit: Indeed https://github.com/step-security-bot/configs is a fork of OpenAlly/configs.

Edit2: I think to fix this bug step-security needs to fork to step-security-bot/<username>-<repository> or something similar. I had a look at https://github.com/step-security/secure-repo/blob/main/Automate-PR/src/index.ts which seems to be the right place for this change, but I currently do not have the capacity to attempt a solid PR for this.

varunsh-coder commented 2 months ago

@pSub I have deleted https://github.com/step-security-bot/configs for now, and so you should be unblocked.

We had tried to fork by specifying a different name and that was causing the fork process to be inconsistent. It would fail unexpectedly sometimes. We will try this again; maybe the API has been improved since the last time we tried.

pSub commented 2 months ago

@varunsh-coder Thank you. That unblocked me.

:crossed_fingers: that the API has improved and this issue can be resolved!

IEvangelist commented 1 month ago

I was seeing this issue too, and I think I figured out why. @BillWagner and I were attempting to generate a PR for the dotnet/docs repo, and this would fail every time. I then noticed that the step-security-bot list of repositories was updating their existing docs repo, but it was originally forked from a different repo (by the same name).

With this theory in mind, I renamed my fork of the dotnet/docs repo to be named dotnet-docs, making it a unique repo for the step-security-bot. And then it worked...


My proposal is to have the step-security-bot create a unique fork name that includes the organization, to help ensure that collisions like this are avoided.

This is likely where you'd like to specify the fork name:

https://github.com/step-security/secure-repo/blob/d61982f516cebd6559d547417e558a8cd57dd9f5/Automate-PR/src/utils.ts#L9
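The collision described by pSub and IEvangelist above (the bot account already holds a repo called `configs` or `docs` that was forked from a different upstream, so the commit lookup returns 422) can be avoided by two checks before any branch is pushed: derive a fork name that embeds the upstream owner, and verify that whatever already exists under that name in the bot account is really a fork of the intended upstream. The following TypeScript is an added example written for this thread; it is not code from secure-repo's Automate-PR, and the helper names (`forkNameFor`, `isForkOf`, `planFork`) and the `RepoMeta` shape are assumptions. `RepoMeta` mirrors only the `fork` and `parent.full_name` fields of the GitHub REST "get a repository" response; the caller is expected to fetch that metadata for `<bot>/<forkName>` and pass it in.

```typescript
// Added example, not secure-repo's own code. Decides whether a fork under the
// bot account can be reused, must be created, or belongs to a different upstream.

// Subset of the GitHub REST "get a repository" response used here.
interface RepoMeta {
  name: string;
  fork: boolean;
  parent?: { full_name: string }; // e.g. "OpenAlly/configs"
}

// Hypothetical helper: fork name that embeds the upstream owner, so that
// pSub/configs and OpenAlly/configs can never map to the same bot repo.
// GitHub repository names allow only [A-Za-z0-9._-]; anything else is replaced.
function forkNameFor(owner: string, repo: string): string {
  const safe = (s: string) => s.replace(/[^A-Za-z0-9._-]/g, "-");
  return `${safe(owner)}-${safe(repo)}`;
}

// True only when `existing` is a fork whose parent is exactly the upstream we
// intend to open a PR against. Owner and repo names are case-insensitive on GitHub.
function isForkOf(existing: RepoMeta | undefined, owner: string, repo: string): boolean {
  if (!existing || !existing.fork || !existing.parent) return false;
  return existing.parent.full_name.toLowerCase() === `${owner}/${repo}`.toLowerCase();
}

type ForkPlan =
  | { action: "reuse"; name: string }
  | { action: "create"; name: string }
  | { action: "conflict"; name: string; actualParent: string };

// `existing` is the metadata of <bot>/<forkNameFor(owner, repo)> if that repo
// exists, or undefined if the lookup returned 404.
function planFork(existing: RepoMeta | undefined, owner: string, repo: string): ForkPlan {
  const name = forkNameFor(owner, repo);
  if (!existing) return { action: "create", name };
  if (isForkOf(existing, owner, repo)) return { action: "reuse", name };
  // A repo of the right name that descends from another upstream: refuse to
  // push, instead of failing later with "422 Object does not exist".
  return { action: "conflict", name, actualParent: existing.parent?.full_name ?? "(not a fork)" };
}

// Constructed sample mirroring the thread: the bot holds "configs", forked from
// OpenAlly/configs, while the user wants a PR against pSub/configs.
const sampleExisting: RepoMeta = {
  name: "configs",
  fork: true,
  parent: { full_name: "OpenAlly/configs" },
};

console.log(planFork(sampleExisting, "pSub", "configs"));   // conflict, actualParent OpenAlly/configs
console.log(planFork(undefined, "pSub", "configs"));        // create pSub-configs
```

With the name derived this way the "conflict" branch should only be reachable if something other than the bot created a repo with that name, but keeping the parent check means a stale or manually renamed fork is reported up front rather than surfacing as an empty error dialog.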