fix(github): allow only pull permission for print command #262
Thanks for the PR. The bug is definitely real and needs to be addressed. The Unfortunately, this does more than that. It does add the fork option (as the title suggests), but that option is intentionally kept out of the print command since there are no forks to be considered when running
Well even though there is no fork. It filters out the repository. So I wonder what the conditional logic should say.
It would have to be indicated to each VersionController that push permission is not needed. Adding something like "readOnly" and change this multi-gitter/internal/scm/github/github.go Line 146 in 60bbbdf
to case !g.Fork && !g.ReadOnly && !permissions["push"]:
I'll see if I can get around to it in the weekend to add readonly.
Hopefully this weekend!
@lindell I added
cmd/platform.go
// This is only used by PrintCmd to mark readOnly mode for version control platform | ||
flags.Bool("readOnly", false, "If set, This is running in readonly will be read-only.") | ||
_ = flags.MarkHidden("readOnly") |
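Review bot: the usage string on the flags.Bool("readOnly", ...) line, "If set, This is running in readonly will be read-only.", does not parse as a sentence and should state what the flag does, for example that push permission is not required while it is set. The comment above says the value is only used by PrintCmd, but MarkHidden only hides a flag from help and usage output; the flag can still be set on the command line wherever this flag set is registered, so passing the value as a function argument rather than a flag would avoid exposing a switch that changes the permission check. The error from MarkHidden is also discarded with `_ =`.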
This is added inside configurePlatform which is run for all cmds.
Marking it hidden as this is set programmatically by the print command.
cmd/cmd-print.go
@@ -48,6 +48,8 @@ func print(cmd *cobra.Command, args []string) error { | |||
strOutput, _ := flag.GetString("output") | |||
strErrOutput, _ := flag.GetString("error-output") | |||
|
|||
_ = flag.Set("readOnly", "true") |
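Review bot: the error from flag.Set("readOnly", "true") is discarded, so if the flag is ever renamed or is no longer registered on this command, print silently falls back to the non-read-only behaviour and repositories without push permission are skipped again. Since print already returns error, return it here, or pass the read-only value to the platform setup directly instead of writing to a flag from inside the command. The GetString calls above drop their errors too, but this one changes behaviour rather than just a default.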
ignoring the error here because we know readOnly flag is available.
@@ -143,7 +148,7 @@ func (g *Github) GetRepositories(ctx context.Context) ([]scm.Repository, error) | |||
case !permissions["pull"]: | |||
log.Debug("Skipping repository since the token does not have pull permissions") | |||
continue | |||
case !g.Fork && !permissions["push"]: | |||
case !g.Fork && !g.ReadOnly && !permissions["push"]: |
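Review bot: the new case `!g.Fork && !g.ReadOnly && !permissions["push"]` carries no comment explaining why a read-only run may skip the push check, and the ReadOnly field needs a doc comment stating that it must only be set for runs that never push. With ReadOnly set, GetRepositories now returns repositories the token cannot push to, so a test covering a pull-only permission map with ReadOnly both true and false would pin the behaviour down. The pull check in the case above still runs first, which is the right order to keep.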
testing against
repo:
- jenkinsci/jenkins-infra-test-plugin # a non forked repo
- jenkinsci/opslevel-plugin # a forked repo
Thanks for the PR @jetersen.
I don't think we are able to do this in a good way, since the flags are used to automatically generate documentation and the help text. We do also expose something, that if set by the user, would make multi-gitter not work properly and create confusion. Changing the signature of getVersionController and createGithubClient has to be done in this case, and that is ok 😄 This logic should also extend to other SCMs, if you are able to add to them as well, that would be appreciated. I can make sure to test it.
I did not see the same permission check in the other SCM
Indeed that is the case. Nvm that comment
@lindell I believe mark hidden does hide it from help text and usage: See docs: https://github.com/spf13/pflag/blob/85dd5c8bc61cfa382fecd072378089d4e856579d/README.md#hidden-flags So I see no reason to change this further. I can change the name of the flag to something like
Also sees relatively frequent usage:
Seems that it hides it from the help text, but we have some other parts that generate docs that do not take it into consideration (yaml documentation in readme). That could also be fixed to check for hidden flags. But depending on hidden flags to pass data around (that should not be set by setting the flag) is unfortunately not something I can accept. It does indeed work, but so does a global variable, or environment variables etc.
MarkHidden should have a lot of legit use cases, but I can't find any place in the top search results where it is simply used as a way to create a hidden flag where it is only set programmatically.
@lindell fixed. Thanks to GoLand refactoring it was a 30 seconds change. 👏 If we add more argument passing we should switch to passing a struct.
Thanks 😄
Totally agree 👍
Included in release v0.42.1 🎉
@lindell Thanks for accepting my pull request! 👏🎉
Without configuring platform run options. Not all repos are downloaded due to conditions.
What does this change
Instead of:
DEBU[0000] Skipping repository since the token does not have push permissions and the run will not fork repo=jenkinsci/opslevel-plugin
INFO[0000] Running on 0 repositories
You get:
INFO[0000] Running on 1 repositories
INFO[0000] Cloning and running script repo=jenkinsci/opslevel-plugin
Since jenkinsci/opslevel-plugin is a fork I have no push permissions and g.Fork always being false because configureRunPlatform is never run.