Repository settings #540
Comments
@evverx Since moving to an org, I seem now able to give you "Maintain" access to specifically the avahi repository, which may let you adjust these settings. Can you check and see if that works for you - and if there is anything you can't adjust but want to then document it here and we can look to adjust it. Permissions are documented here:
All those settings can be tweaked by admins only. The links should point to places where admins can turn them on. https://packit.dev/docs/guide#github points to https://github.com/marketplace/packit-as-a-service where it can be installed to the avahi repository (it usually takes some time because the Packit folks have to approve the request as far as I can remember). Coveralls would require signing in with an admin's GitHub account and picking the avahi repository there: https://docs.coveralls.io/index#integrate-coveralls-with-your-codebase (step 4 and step 5 aren't necessary because the GitHub action is already set up and only the "Go to ADD REPOS, find your repo, and toggle it ON to add it to Coveralls." step is needed to let it start publishing statuses).
To follow this ticket :)
@lathiat We would like to have Private vulnerability reporting enabled in https://github.com/avahi/avahi/settings/security_analysis and access to such advisories. I am not able to see any now in the Security tab. I have played with it at my fork https://github.com/pemensik/avahi/security/advisories. It seems we would need multiple advisories. They would allow private collaboration when preparing fixes, then publishing them once the fixes are ready. Not sure how to define which people are able to see reported vulnerabilities; I haven't found that in my fork. But I have no collaborators :)
It seems at least Admin rights are needed for Security advisory creation or reading, unless people are given collaborator rights for a given advisory. Our commit (Member) rights are not enough for it. Unless Trent takes a more active role, we need someone in addition to have Admin rights. Then those settings could be tuned by such a person.
I will sort this out on Monday
I enabled private vulnerability reporting in both the avahi and nss-mdns repositories (just the 1-click enable).
Have added repository-level admin access for @pemensik and @evverx. The admin access may also let you do the other actions @evverx for coverity, packit, etc. Let me know if not.
@lathiat thanks! I set up some branch protection rules and added a secret named COVERITY_SCAN_TOKEN. I'll add the action sending data to Coverity soon. I tried to hook up the repository to Packit and Coveralls but it seems only owners can do that. (It could be that the changes haven't propagated there yet.)
with https://github.com/rhysd/actionlint?tab=readme-ov-file#actionlint to make it easier to add/change/review GH Actions. Mostly in preparation for an action sending data to Coverity Scan. Related to avahi#540
Thank you so much!
I think Packit unfortunately requires more details. It works as a purchase, even though the price is free. But it requires an address and other identification of a person anyway. So it is quite likely the owner needs to make the "purchase" for the project they own. But let's ask our guys working with it.
Looks like Packit is up and running. I can't seem to turn on Coveralls. There should be a pending access request somewhere. Once it's accepted, Coveralls should fully start working (currently it accepts data from the GH Action and shows the coverage report at https://coveralls.io/github/avahi/avahi but it can't update PR statuses and says "source not available" when specific files like https://coveralls.io/builds/66602652/source?filename=avahi-core%2Fbrowse.c are viewed).
This issue is supposed to keep track of various settings that should be tweaked eventually to get Packit, Coverity, Coveralls and some other things to work:

- https://packit.dev/docs/guide#github
- a secret named COVERITY_SCAN_TOKEN should be added to the repository: https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository to make the Coverity action work. It should match https://scan.coverity.com/projects/avahi-daemon?tab=project_settings
- https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository
- https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches