Always use the .github folder #16
Conversation
…e file access config permissioning
|
Looks great! Will custom file paths still be allowed? |
This should not affect custom files paths; however if that path is in a private repo and does not match the single file permissions, it will be inaccessible by an app. |
|
@hiimbex, yeah, I've been asking because of private repos, custom file paths cause the same issues for hosted apps. |
|
I don't think there is anything that can be done about custom paths given GH's single file option. Especially since that should be used for hosted apps rather than full read access for security purposes. |
|
Hey can we please get this merged and released, or are there any blockers left? |
|
Hi! Does this immediately affect other official probot apps that use probot-config, or is there some way I can track its impact? |
|
Because we're using npm versioning, it won't affect any apps requiring probot-config 0.2.0, but when we release a new version (likely 1.0.0), they'll all have to explicitly upgrade to get this behavior change. |
|
Thanks! |
Closes #13
After some long discussion with @probot/maintainers, we decided the best course of action would be to simply enforce
.githubfolders in all repos, even the .github repo. This makes sense given GitHub Apps' permissioning system's 'single file' access option:cc/ @cco3 @jan-auer @nesl247 @dessant