Create workflow for syncing Notion database and issues #642
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
There was a problem hiding this comment.
Reviewable status: 0 of 1 LGTMs obtained, and pending CI: Cargo Dev / macos-13, asan / ubuntu-22.04, docker-compose-compiles-nativelink (20.04), docker-compose-compiles-nativelink (22.04), macos-13, zig-cc ubuntu-20.04, zig-cc ubuntu-22.04 (waiting on @blakehatch)
.github/workflows/issues-notion-sync.yml line 22 at r1 (raw file):
jobs: notion_job: runs-on: ubuntu-latest
nit: Maybe use one of the alpine containers, they are much much smaller?
There was a problem hiding this comment.
Reviewable status: 0 of 1 LGTMs obtained, and pending CI: Cargo Dev / macos-13, asan / ubuntu-22.04, docker-compose-compiles-nativelink (20.04), docker-compose-compiles-nativelink (22.04), macos-13, zig-cc ubuntu-20.04, zig-cc ubuntu-22.04 (waiting on @blakehatch)
There was a problem hiding this comment.
Reviewed 1 of 1 files at r1, all commit messages.
Reviewable status: 0 of 1 LGTMs obtained (waiting on @blakehatch)
.github/workflows/issues-notion-sync.yml line 26 at r1 (raw file):
steps: - name: Add GitHub Issues to Notion uses: tryfabric/notion-github-action@v1
Please run this tool over the workflow file to double-check that we're not regressing the OSSF warnings: https://app.stepsecurity.io/secureworkflow
The two notable things are:
- Instead of
uses: xxx/yyy@z, prefer this pattern:
uses: >- # v1
tryfabric/notion-github-action@f9ed5055c439e20e3f3f3a86e308b40d954ac42e
This way the remote workflow is protected against malicious pushes to the version tag.
- Always explicitly set all default permissions to
read-alland then explicitly elevate permissions just for the steps that you care about. In the top-level (abovejobs):
permissions: read-all
There was a problem hiding this comment.
I'm good with this one as soon as the artifact hash comment is addressed but don't want to add another blocking participant.
Reviewable status: 0 of 1 LGTMs obtained (waiting on @blakehatch)
|
|
blakehatch
force-pushed
the
notion-integration
branch
from
ca43188
to
45b0a7f
Compare
There was a problem hiding this comment.
Reviewable status: 0 of 1 LGTMs obtained, and pending CI: Analyze (javascript-typescript), Bazel Dev / ubuntu-22.04, Local / ubuntu-22.04, Vercel, asan / ubuntu-22.04, docker-compose-compiles-nativelink (20.04), pre-commit-checks, publish-image, ubuntu-20.04 / stable, ubuntu-22.04 (waiting on @blakehatch)
.github/workflows/issues-notion-sync.yml line 22 at r1 (raw file):
Previously, allada (Nathan (Blaise) Bruer) wrote…
nit: Maybe use one of the
alpinecontainers, they are much much smaller?
I couldn't find any hosted alpine containers but I do like the idea of using a lightweight distro for a workflow like this.
.github/workflows/issues-notion-sync.yml line 26 at r1 (raw file):
Previously, aaronmondal (Aaron Siddhartha Mondal) wrote…
Please run this tool over the workflow file to double-check that we're not regressing the OSSF warnings: https://app.stepsecurity.io/secureworkflow
The two notable things are:
- Instead of
uses: xxx/yyy@z, prefer this pattern:uses: >- # v1 tryfabric/notion-github-action@f9ed5055c439e20e3f3f3a86e308b40d954ac42eThis way the remote workflow is protected against malicious pushes to the version tag.
- Always explicitly set all default permissions to
read-alland then explicitly elevate permissions just for the steps that you care about. In the top-level (abovejobs):permissions: read-all
Done. Didn't know about this tool thanks for sending it!
blakehatch
force-pushed
the
notion-integration
branch
from
45b0a7f
to
24191c5
Compare
blakehatch
force-pushed
the
notion-integration
branch
from
24191c5
to
f1cda66
Compare
MarcusSorealheis
requested review from
aaronmondal
and removed request for
aaronmondal
There was a problem hiding this comment.
Reviewed all commit messages.
Dismissed @aaronmondal from a discussion.
Reviewable status: 0 of 1 LGTMs obtained (waiting on @blakehatch)
There was a problem hiding this comment.
Reviewable status: 0 of 1 LGTMs obtained (waiting on @blakehatch)
MarcusSorealheis
dismissed
aaronmondal’s stale review
The comments were addressed. Time difference.
|
Of course, feel free to wait for him if there are no issues with the branch falling behind. I double checked to ensure things were addressed correctly and they were, hence the re-lgtm. |
There was a problem hiding this comment.
Reviewed 1 of 1 files at r3, all commit messages.
Reviewable status: 0 of 1 LGTMs obtained (waiting on @blakehatch)
There was a problem hiding this comment.
Sounds good, thank you!
Reviewable status:
complete! 1 of 1 LGTMs obtained
There was a problem hiding this comment.
Reviewed 1 of 1 files at r3, all commit messages.
Reviewable status:
Description
Allows notion to sync with issues in our public repo.
Secrets that will have to be set by an admin:
Database will likely get changed to task board if we decide to make task tracking based out of the repo (Dump into backlog by default and can be moved by user) but will be separate for now.
Fixes #639
Type of change
Please delete options that are not relevant.
Checklist
git amendsee some docsThis change is