fix: verify correct permission names based on OpenAPI schema #142
Conversation
octokitbot
added
the
Type: Maintenance
|
@gr2m is this indicative of an error upstream we can report somewhere? |
I looked into it and I don't think so. It looks like the way the HTML is rendered is independent of how the route was added in its source file. I think we should address this case on our side. |
|
Okay there were bigger changes that happened here, like title changes. I think it's time we utilze the schema now that the we have a complete schema for |
scripts/update.js
Outdated
| const MISSING_SCHEMA_PERMISSIONS = [ | ||
| "codespaces", | ||
| "dependabot_secrets", | ||
| "email_addresses", | ||
| "followers", | ||
| "git_ssh_keys", | ||
| "gpg_keys", | ||
| "interaction_limits", | ||
| "organization_events", | ||
| "organization_webhooks", | ||
| "profile", | ||
| "repository_webhooks", | ||
| "self_hosted_runners", | ||
| "starring", | ||
| ]; |
There was a problem hiding this comment.
@kfcampbell @nickfloyd can you please look up the real names of these permissions and also reach out to the OpenAPI team and let them know that these permissions are missing in the schema at components/schemas/app-permissions
We can ship the PR as is and remove these later, or add our own mapping until the OpenAPI spec is updated.
There was a problem hiding this comment.
Hey @gr2m will do... thanks for the head's up!
There was a problem hiding this comment.
Updating here: I talked to the Apps team and they're receptive of a PR internally to add these permissions.
|
It looks like our parse app permissions where quite incorrect for a while. Instead of just parsing titles form https://docs.github.com/en/rest/overview/permissions-required-for-github-apps and assuming they are the correct permission names used by GitHub, we now load the OpenAPI spec and utilize the |
gr2m
changed the title
gr2m
changed the title
| @@ -208,13 +212,33 @@ | |||
| "POST /repos/{owner}/{repo}/check-suites/{check_suite_id}/rerequest" | |||
| ] | |||
| }, | |||
| "codespaces": { | |||
There was a problem hiding this comment.
removes codespaces because it's not defined in OpenAPI schema and I'm not sure if this is the correct name
| "DELETE /user/interaction-limits", | ||
| "PUT /user/interaction-limits" | ||
| ] | ||
| }, |
There was a problem hiding this comment.
removes all the above because they are not defined in OpenAPI schema and I'm not sure if this is the correct name
| "url": "https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#permission-on-keys", | ||
| "read": ["GET /user/keys", "GET /user/keys/{key_id}"], | ||
| "write": ["DELETE /user/keys/{key_id}", "POST /user/keys"] | ||
| }, |
There was a problem hiding this comment.
there are likely different permissions for git_ssh_keys and gpg_keys but we need to verify or get the OpenAPI schema updated
| "POST /orgs/{org}/hooks", | ||
| "POST /orgs/{org}/hooks/{hook_id}/pings" | ||
| ] | ||
| }, |
There was a problem hiding this comment.
both missing in OpenAPI schema
| "DELETE /orgs/{org}/blocks/{username}", | ||
| "PUT /orgs/{org}/blocks/{username}" | ||
| ] | ||
| }, |
| "PATCH /repos/{owner}/{repo}/hooks/{hook_id}", | ||
| "POST /repos/{owner}/{repo}/hooks" | ||
| ] | ||
| }, |
| "POST /orgs/{org}/actions/runners/{runner_id}/labels", | ||
| "PUT /orgs/{org}/actions/runners/{runner_id}/labels" | ||
| ] | ||
| }, |
There was a problem hiding this comment.
security_events is added here: https://github.com/octokit/app-permissions/pull/142/files?show-viewed-files=true&file-filters%5B%5D=#diff-260b0feb344434d5b14f971a900a1ed6041cf8c0a5a393cd806a75277ce3c5c5R215
self_hosted_runners and dependabot_secrets are missing in schema
|
This is a long-running issue that we've all probably lost context for (I know I have). @gr2m / @nickfloyd, would you both be interested in doing a zoom call sometime to sort this PR out? |
|
Next step is still to update the OpenAPI spec: and look through my comments on updates to the |
nickfloyd
removed
the
Status: Blocked
|
🎉 This PR is included in version 2.0.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
BREAKING CHANGE: several permissions have been renamed to match GitHub's OpenAPI spec. It's really just a fix, but in order to avoid friction we decided to release a breaking change for this one.
I found new changes on https://docs.github.com/en/rest/reference/permissions-required-for-github-apps/ and thought I'd let you know about it 👋🤖
I can't tell if the changes include fixes, features, breaking changes or just cache updates, you'll have to figure that out on yourself and adapt the commit messages accordingly to trigger the right release, see our commit message conventions.