-
Notifications
You must be signed in to change notification settings - Fork 33
Conversation
…e file access config permissioning
Looks great! Will custom file paths still be allowed? |
This should not affect custom files paths; however if that path is in a private repo and does not match the single file permissions, it will be inaccessible by an app. |
@hiimbex, yeah, I've been asking because of private repos, custom file paths cause the same issues for hosted apps. |
I don't think there is anything that can be done about custom paths given GH's single file option. Especially since that should be used for hosted apps rather than full read access for security purposes. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, that makes my life easier right now :)
Hey can we please get this merged and released, or are there any blockers left? |
Hi! Does this immediately affect other official probot apps that use probot-config, or is there some way I can track its impact? |
Because we're using npm versioning, it won't affect any apps requiring probot-config 0.2.0, but when we release a new version (likely 1.0.0), they'll all have to explicitly upgrade to get this behavior change. |
Thanks! |
Closes #13
After some long discussion with @probot/maintainers, we decided the best course of action would be to simply enforce
.github
folders in all repos, even the .github repo. This makes sense given GitHub Apps' permissioning system's 'single file' access option:cc/ @cco3 @jan-auer @nesl247 @dessant