Add to public github repo with lower perms #527
Comments
|
I tried adding AppVeyor as just a git repo, that seems to work for getting the code. I get a webhook url, and that seems to trigger the builds, even on PR branches. (though the pr branch still builds as master: see https://ci.appveyor.com/project/ipfsbot/go-ipfs/history -- which is failing because master does not include appveyor.yml, even though the branch does). The other problem is this is not setting the commit indicator. How can we set the commit indicator? (again, this is manual as we cannot grant appveyor permission to read/write ALL webhook credentials) |
|
appveyor.yml is not supported with generic Git repositories and webhook payload is not compatible with GitHub one. |
|
@FeodorFitsner so how do we do this then? |
|
Add it as GitHub repository.
On Tue, Dec 1, 2015 at 9:20 AM, Juan Benet notifications@github.com
|
|
@FeodorFitsner how can i do that without giving full access to all other repository webhooks + credentials? |
|
Create a new GitHub user account, give access to that specific repo only and then use this account within AppVeyor. |
|
misunderstanding the point, AppVeyor would get access to other webhooks + credentials on the exact same repo |
|
OK, right. Let's keep this issue open then - we might re-visit flow for adding public GitHub repos in the future. |
|
@FeodorFitsner is there any way you could add us manually? we want to use AppVeyor :( |
|
OK, another "idea"! Register new GitHub account, then create an empty "fake" public repository under it. Go to AppVeyor, authorize with that account, add that fake repository then go to added Project settings and update repository name (owner/name) on General tab. Configure webhook manually on real repo. |
|
@FeodorFitsner ok thank you for bearing with me, did that:
And I got the webhook to trigger right on the PR! \o/ https://ci.appveyor.com/project/ipfsbot/test/history Remaining Problem: commit indicators still does not show appveyor: FWIW, the webhook "ipfs-integrations/test" was just a "Webhook", not a "Service". other indicators (like travis) are "Service". Is this a supported feature for app-veyor? is there anything special done with github? |
|
That bot user should have write access to add commit status. |
|
@FeodorFitsner thanks very much! great success! -- i'll leave the issue open since this should become easier for other users. |
|
Cool, thanks for the update! :) |
|
Just a note that Appveyor should be asking only for From https://developer.github.com/v3/repos/statuses/:
|
|
Currently, it's asking for |
|
Thanks for the workaround (this is the bot account I created for it) - but could you, possibly, just not have such aggressive permission requests? It's been over a year. |
|
Would be highly appreciated! |
|
so how does it work? this is a bummer, and I'm afraid I'm forced to look elsewhere .. |
|
I'm closing the issue in favor of GitHub Apps item. |
When adding AppVeyor, I see:
"full access to repository webhooks and services" gives full access to all other services, including credentials. For anyone remotely security conscious this is unacceptable. We know it's likely a github problem-- It is no secret that github's OAuth permissions are as granular as icebergs. (Though they do seem to be getting better...). Sill, there should be a recommended way to add appveyor as a CI service manually, for those of us who care.
The text was updated successfully, but these errors were encountered: