Sync settings after installing the integration #1

Open
bkeepers opened this issue Jan 22, 2017 · 17 comments · May be fixed by #178
Comments

@bkeepers
Contributor

If a repository already has a .github/config.yml, then the settings should be synced when the integration is installed.

This involves listening to the integration webhook events and then looking for a .github/settings.yml in all repositories that the installation is given access to.

@bkeepers
Contributor Author

It might also be interesting to automatically open a PR that adds all the current settings to .github/config.yml if the file doesn't already exist.

@knrt10

knrt10 commented Mar 17, 2018

@bkeepers I completed this. Please review my PR
Thanks in advance.

@stale

stale bot commented May 17, 2018

Is this still relevant? If so, please comment with any updates or additional details.

@stale stale bot added the wontfix label May 17, 2018
@stale stale bot closed this as completed May 24, 2018
@bkeepers bkeepers reopened this Sep 12, 2018
@stale stale bot removed the wontfix label Sep 12, 2018
@stale

stale bot commented Dec 11, 2018

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

@stale stale bot added the wontfix label Dec 11, 2018
@knrt10

knrt10 commented Dec 11, 2018

Yes

@stale stale bot removed the wontfix label Dec 11, 2018
@stale

stale bot commented Mar 11, 2019

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

@stale stale bot added the wontfix label Mar 11, 2019
@nesl247

nesl247 commented Mar 14, 2019

Yes it is still relevant

@stale stale bot removed the wontfix label Mar 14, 2019
@pecigonzalo

pecigonzalo commented Mar 15, 2019

@knrt10 your build is not passing, but why was it closed?

dwijnand added a commit to lagom/lagom that referenced this issue Mar 22, 2019
I think the settings I set aren't being synced because I added the integration after the configuration was merged, aka repository-settings/app#1.

So poke the file.
denis554 added a commit to denis554/lagom that referenced this issue Apr 9, 2019
I think the settings I set aren't being synced because I added the integration after the configuration was merged, aka repository-settings/app#1.

So poke the file.
@stale

stale bot commented Jun 13, 2019

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

@stale stale bot added the wontfix label Jun 13, 2019
@pecigonzalo

@knrt10 or @bkeepers

@stale stale bot removed the wontfix label Jun 13, 2019
@stale

stale bot commented Sep 11, 2019

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

@stale stale bot added the wontfix label Sep 11, 2019
@pecigonzalo

Bot, go away, it's blocked by no one from the project replying.

@stale stale bot removed the wontfix label Sep 12, 2019
travi pushed a commit that referenced this issue Nov 13, 2019
@mvegter mvegter linked a pull request Nov 16, 2019 that will close this issue
@stale

stale bot commented Dec 11, 2019

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

@stale stale bot added the wontfix label Dec 11, 2019
@travi
Member

travi commented Dec 11, 2019

still relevant

@stale stale bot removed the wontfix label Dec 11, 2019
@stale

stale bot commented Mar 11, 2020

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

@stale stale bot added the wontfix label Mar 11, 2020
@pecigonzalo

Still relevant @travi could you disable the bot here?

@stale stale bot removed the wontfix label Mar 11, 2020
@travi travi added the pinned label Mar 11, 2020
@jftanner

jftanner commented Jul 16, 2024

An implementation for this would significantly improve the security stance when using this app.

Copied from my comment on the open PR:

Currently, an org admin configuring a new repo needs to do two tasks in order:

  1. Install the app in the repo
  2. Push/merge a commit with .github/settings.yml with the required branch protection rules

If they do those in the wrong order, then it's very easy for them to be under the mistaken impression that the repo has been configured safely. This leaves the repo significantly vulnerable until either the settings are updated or an admin notices the missing rules.

That condition is especially likely when creating repos from a template, as the template is likely to have the settings file already.
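
The ordering gap discussed in this thread, as an added example that is not part of the original issue or the project's code: it replays constructed webhook deliveries and reports which repositories that already held `.github/settings.yml` are never synced when only pushes trigger a sync, and what changes once GitHub's `installation` and `installation_repositories` events trigger one too. The function names, the `hadFileAtInstall` input and the `acme/*` repositories are assumptions for illustration, and the default-branch check a real push handler needs is omitted.

```javascript
// Added example; the payloads are constructed and trimmed to the fields used.
const SETTINGS_PATH = '.github/settings.yml';

// Repositories that one webhook delivery marks as candidates for a settings sync.
// syncOnInstall=false models the push-only behaviour this issue asks to change.
function reposToSync(event, payload, syncOnInstall) {
  if (event === 'push') {
    const touched = (payload.commits || []).some((c) =>
      [...(c.added || []), ...(c.modified || [])].includes(SETTINGS_PATH));
    return touched ? [payload.repository.full_name] : [];
  }
  if (!syncOnInstall) return [];
  if (event === 'installation' && payload.action === 'created') {
    return (payload.repositories || []).map((r) => r.full_name);
  }
  if (event === 'installation_repositories' && payload.action === 'added') {
    return (payload.repositories_added || []).map((r) => r.full_name);
  }
  return [];
}

// Replay deliveries in order. hadFileAtInstall (assumed input) lists repositories
// that already contained the settings file when the app was given access.
function replay(deliveries, hadFileAtInstall, syncOnInstall) {
  const synced = new Set();
  for (const { event, payload } of deliveries) {
    for (const repo of reposToSync(event, payload, syncOnInstall)) {
      // An install delivery only has something to apply if the file exists.
      if (event === 'push' || hadFileAtInstall.has(repo)) synced.add(repo);
    }
  }
  const unsynced = [...hadFileAtInstall].filter((r) => !synced.has(r)).sort();
  return { synced: [...synced].sort(), unsynced };
}

const deliveries = [
  { event: 'installation', payload: { action: 'created',
    repositories: [{ full_name: 'acme/service-a' }, { full_name: 'acme/docs' }] } },
  { event: 'installation_repositories', payload: { action: 'added',
    repositories_added: [{ full_name: 'acme/service-b' }] } },
  { event: 'push', payload: { repository: { full_name: 'acme/docs' },
    commits: [{ added: [SETTINGS_PATH], modified: [] }] } },
];
const fromTemplate = new Set(['acme/service-a', 'acme/service-b']);

console.log(replay(deliveries, fromTemplate, false).unsynced); // push-only gap
console.log(replay(deliveries, fromTemplate, true).unsynced);
```

The `unsynced` list from the push-only run is the set an admin would need to audit by hand: repositories where the file is present but its branch protection rules were never applied.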
