Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address incorrect create githubapp token usage #438

Merged
merged 4 commits into from Nov 20, 2023
Merged

Address incorrect create githubapp token usage #438

merged 4 commits into from Nov 20, 2023

Conversation

rvermeulen
Copy link
Collaborator

Description

The token cannot be shared between jobs so in this PR we:

  • Integrate the token generation as step in a job.
  • Scope the token to the repository the step targets.

Change request type

  • Release or process automation (GitHub workflows, internal scripts)
  • Internal documentation
  • External documentation
  • Query files (.ql, .qll, .qls or unit tests)
  • External scripts (analysis report or other code shipped as part of a release)

Rules with added or modified queries

  • No rules added
  • Queries have been added for the following rules:
    • rule number here
  • Queries have been modified for the following rules:
    • rule number here

Release change checklist

A change note (development_handbook.md#change-notes) is required for any pull request which modifies:

  • The structure or layout of the release artifacts.
  • The evaluation performance (memory, execution time) of an existing query.
  • The results of an existing query in any circumstance.

If you are only adding new rule queries, a change note is not required.

Author: Is a change note required?

  • Yes
  • No

馃毃馃毃馃毃
Reviewer: Confirm that format of shared queries (not the .qll file, the
.ql file that imports it) is valid by running them within VS Code.

  • Confirmed

Reviewer: Confirm that either a change note is not required or the change note is required and has been added.

  • Confirmed

Query development review checklist

For PRs that add new queries or modify existing queries, the following checklist should be completed by both the author and reviewer:

Author

  • Have all the relevant rule package description files been checked in?
  • Have you verified that the metadata properties of each new query is set appropriately?
  • Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
  • Are the alert messages properly formatted and consistent with the style guide?
  • Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
    As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
  • Does the query have an appropriate level of in-query comments/documentation?
  • Have you considered/identified possible edge cases?
  • Does the query not reinvent features in the standard library?
  • Can the query be simplified further (not golfed!)

Reviewer

  • Have all the relevant rule package description files been checked in?
  • Have you verified that the metadata properties of each new query is set appropriately?
  • Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
  • Are the alert messages properly formatted and consistent with the style guide?
  • Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
    As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
  • Does the query have an appropriate level of in-query comments/documentation?
  • Have you considered/identified possible edge cases?
  • Does the query not reinvent features in the standard library?
  • Can the query be simplified further (not golfed!)

@rvermeulen
Generate tokens in a step
72ca9eb 
The initial job setup doesn't work to communicate a token so this
change:

- Integrate the token generation as a step in a job.
- Scopes the token to the repository it is used against.
@rvermeulen
Remove remnant output parameter
e97cd14
@rvermeulen
Add clarifying comment for using different token
4771d4a
@rvermeulen rvermeulen self-assigned this Nov 20, 2023
@rvermeulen rvermeulen added this pull request to the merge queue Nov 20, 2023
Merged via the queue into github:main with commit fe76ac6 Nov 20, 2023
20 checks passed
@rvermeulen rvermeulen deleted the rvermeulen/address-incorrect-create-githubapp-token-usage branch November 20, 2023 22:08
@nicolaswill nicolaswill mentioned this pull request Jan 25, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jsinglet jsinglet jsinglet approved these changes

Assignees

@rvermeulen rvermeulen

Labels
None yet
Projects
Coding Standards Public Development Board
Status: No status
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@rvermeulen @jsinglet