-
Notifications
You must be signed in to change notification settings - Fork 785
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
jx import creates git repos as public, they should be private by default instead #5186
Comments
/area import |
Are this not really two issues? One for |
That said, it seems creation of repositories goes via |
There is potential usability issue. The free option for Organizations on GitHub does not allow private repositories, so when trying to for example import an application one gets:
If private repositories are supposed to be the default, how do we want to handle this? I wonder whether the import should really ask about an organization anyways, but rather for an owner of the new repository which might be a user or organization. |
Is it possible to catch this response ( 422 Visibility can't be private ) and then set up the repo to public. But for payed accounts, it should be private by default. |
There might be a way to check, not sure, but I think if private is the new default, creating public repos should not happen automatically. In this case we need imo some explicit user confirmation. |
The idiomatic way in Go would be to check the error text. I think a confirmation at this point would be reasonable. |
Not sure whether this would be idiomatic, but that's one option. The rub is that this error might differ by provider so it might be better to add some check/validation beforehand to check whether a user can create a given repository. So we could add something like The other issues is that once the error occurs, the directory is in a bad state. Some directories and commits got already created, so if when then tries to do something like Overall we would:
|
I also suggest to change: Which organisation do you want to use to something like Who should be the owner of the created repository. I believe the use of organization is misleading at this point. It does not really have to be an organization. I believe |
Actually, I'd also like to switch the field I know we don't have #5222 in place, but the longer we wait the harder it might get. With the boot approach the CRD should just be overwritten anyways on an upgrade. cc @daveconde |
All I mean by that is it's the way I've seen e.g. the SDK handle this sort of thing. But in this case it certainly seems like it won't be enough.
Agreed.
One way around this is to write migration code for the jx/pkg/apis/jenkins.io/v1/types_users.go Line 74 in 09d481e
|
Ohh, nice one. That would work. |
- this applies for all env respostories as well as repositories created as part of `jx import` fixes jenkins-x#5186
- this applies for all env respostories as well as repositories created as part of `jx import` fixes jenkins-x#5186
- this applies for all env respostories as well as repositories created as part of `jx import` fixes jenkins-x#5186
- this applies for all env respostories as well as repositories created as part of `jx import` fixes jenkins-x#5186
- this applies for all env respostories as well as repositories created as part of `jx import` fixes jenkins-x#5186
- this applies for all env respostories as well as repositories created as part of `jx import` fixes #5186
…private repos See also jenkins-x/jx#5476 and jenkins-x/jx#5186
- this applies for all env respostories as well as repositories created as part of `jx import` fixes jenkins-x#5186
- this applies for all env respostories as well as repositories created as part of `jx import` fixes jenkins-x#5186
- this applies for all env respostories as well as repositories created as part of `jx import` fixes #5186
…private repos See also jenkins-x/jx#5476 and jenkins-x/jx#5186
- this applies for all env respostories as well as repositories created as part of `jx import` fixes jenkins-x#5186
- this applies for all env respostories as well as repositories created as part of `jx import` fixes jenkins-x#5186
Summary
We should assume repos should be private by default else code and secrets could be accidentally leaked.
Expected behaviour
When importing a project, create Git repo as PRIVATE
When creating a new cluster environment repos are PRIVATE
Actual behaviour
When importing a project, Git repo is PUBLIC and not unsecured.
The text was updated successfully, but these errors were encountered: