Skip to content

v0.3.16 - Prevent private tasks from syncing to GitHub

Choose a tag to compare

View all tags
@github-actions github-actions released this 10 Jun 12:22
· 1 commit to main since this release
v0.3.16
23ef524
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Release Notes

Bug Fixes

  • Private tasks are no longer synchronized or announced to GitHub when created. Previously, all tasks including private ones would trigger GitHub issue creation and external URL building, potentially exposing private work items. The only information that would have been visible is titles of tasks. Body content/comments/etc are not affected.

Summary

Prevented private tasks from being shared externally by adding an early return in the task creation route when visibility is set to 'private'. This ensures private tasks remain private and are never posted to GitHub repositories.

Technical Details

Added a visibility check (if (visible === "private") return;) in the GitHub issue creation flow within the task creation route. This early return:

  • Skips building the external task URL
  • Prevents Octokit invocation for GitHub API calls
  • Avoids any external synchronization for private tasks

File changed: apps/backend/routes/api/internal/v1/task.ts:318

The check is placed after fetching the organization and task data but before any external API calls, ensuring minimal overhead and clean separation between private and public task workflows.

Full Changelog: #254

Assets 2
Loading