Changed getAllUsers to getDevPortalUsers #13
Conversation
|
We will provide a PR changing the keycloak group names in the next few days to match these changes. |
|
Awesome, welcome @BastianGem! |
|
Welcome @BastianGem |
|
@bekihm Do you have any idea why the publish-result-plugin fails in this PR? I created another PR with a version upgrade there everything is working fine. 2021-01-27 07:16:05 +0000 - publish-unit-test-results - INFO - creating check
Traceback (most recent call last):
File "/action/publish_unit_test_results.py", line 801, in <module>
main(token, event, repo, commit, files, check_name, report_individual_runs, dedup_classes_by_file_name)
File "/action/publish_unit_test_results.py", line 754, in main
publish(token, event, repo, commit, stats, results['case_results'], check_name, report_individual_runs)
File "/action/publish_unit_test_results.py", line 722, in publish
publish_check(stats, cases)
File "/action/publish_unit_test_results.py", line 613, in publish_check
repo.create_check_run(name=check_name, head_sha=commit_sha, status='completed', conclusion='success', output=output)
File "/action/githubext/Repository.py", line 78, in create_check_run
headers={'Accept': 'application/vnd.github.antiope-preview+json'},
File "/usr/local/lib/python3.6/site-packages/github/Requester.py", line 317, in requestJsonAndCheck
verb, url, parameters, headers, input, self.__customConnection(url)
File "/usr/local/lib/python3.6/site-packages/github/Requester.py", line 340, in __check
raise self.__createException(status, responseHeaders, output)
github.GithubException.GithubException: 403 {"message": "Resource not accessible by integration", "documentation_url": "https://docs.github.com/rest/reference/checks#create-a-check-run"} |
|
@volkflo mmh seems to be an authorization issue, I'm not sure if it is a problem that @BastianGem is no maintainer? But this would be very unhandy for all contributors. |
|
@volkflo we use a secret github token here: |
|
@bekihm / @EricWittmann Do you have any idea how we could test this or make this secret for everyone available? |
|
Looks like we could solve this using these features. https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/ Basically we'd just need to have something where a maintainer okays the PR when it's a contributor outside of the maintainers group(s). For example, via a comment to trigger it. You still need that step to stop people opening PRs (via bots, etc) that just use maven or shell to print out all of your secrets. |
|
@msavy This sounds reasonable :) Do you think it would be enough the change |
|
Let me dig into it a bit. We will need to add a bit more to the flows to ensure that someone can't just put "echo $SECRET" into a script file and open a pull request. What do you think of the idea of having a special comment to trigger builds for non-members? That would enable us to check that there's nothing funny in the PR before running it. For example |
|
@msavy I am not sure if this is a good idea because then we have to do this always manually. I am not sure how other plugins handle this. I will create an issue for that. I think we shouldn't discuss this in this PR :) |
To add a developer, the developer must be selected from the list of all Keycloak users.
To make this list a bit clearer, only the users assigned to the Developer Portal groups are now displayed.