Service down

[bodinsamuel]

Hey,
First, thanks for this project, I know it's a one-man project and that can be quite exhausting.

It seems the service is down, since 1h I would say.
Is there anything we can do to help? ☺️

Best Regards,

[zeke]

Hey thanks for letting me know. Haven't deployed an changes recently. I'll take a look.

[zeke]

Seeing a lot of these in the logs:

2022-04-15T15:49:35.726417+00:00 app[web.1]: 15:49:35.726Z  INFO http: POST / 400 - 9.92 ms (id=c6b3eee9-9801-43ca-b952-cd4bbb083269)
2022-04-15T15:49:38.182885+00:00 app[web.1]: 15:49:38.182Z ERROR probot: signature does not match event payload and secret
2022-04-15T15:49:38.182915+00:00 app[web.1]: Error: signature does not match event payload and secret
2022-04-15T15:49:38.182916+00:00 app[web.1]: at verifyAndReceive (/app/node_modules/@octokit/webhooks/middleware/verify-and-receive.js:9:19)
2022-04-15T15:49:38.182917+00:00 app[web.1]: at getPayload.then (/app/node_modules/@octokit/webhooks/middleware/middleware.js:46:14)
2022-04-15T15:49:38.182918+00:00 app[web.1]: at <anonymous>

[zeke]

Is there anything we can do to help?

If you have the time and energy, maybe look into upgrading the probot dependency? It's sorely out of date and maybe GitHub has stopped supporting some API that Probot uses or something. A few have tried this upgrade in the past, but it seems it's not just a matter of bumping the version number. There may have been some breaking changes between 7 and 12. That's a lot of major version bumps. 😬

[mdvorak]

#184 but it needs testing (I'll get to it again when I have a moment)

[zeke]

Thanks @mdvorak I'll take a look later today.

For anyone else who's affected by this outage, I would suggest one of these paths forward:

• switch to a GitHub Action (see alternatives at the bottom of the README)
• run your own instance of this service with your own GitHub App so you can debug it, help improve it, and not be so reliant on me, an intermittently-available rando human point of failure.

[mijailr]

👀

[mdvorak]

• run your own instance of this service with your own GitHub App so you can debug it, help improve it, and not be so reliant on me, an intermittently-available rando human point of failure.

For this reason, I have prepared another PR which will publish the app as docker image into ghcr.io repository (free directly here on this repo).
It works, but it could use proper versioning, and image needs to be manually set to be public after first run. I'll put it all together after (if) this is merged.

[zeke]

Looks like it might have been this issue?

https://status.heroku.com/incidents/2413

[vtremblay]

We are experiencing a lot of issues since last Friday, either the checks are never coming back or they take > 15 minutes to execute. Could this be related?

Thanks a lot!

[sutty009]

Also experiencing this issue. Only noticed it today though.

[jeremycohen]

Likewise. Please let us know once there is a released fix. Thanks in advance!

[zeke]

Update: working with Heroku support to resolve the issue. I'll keep y'all posted as I hear back from them. In the meantime, consider switching to a GitHub-actions powered check like https://github.com/amannn/action-semantic-pull-request to unblock yourselves! 🙏🏼

[ioga]

hello, any tips on how to properly "uninstall" the app?
I've already removed it from all repos in the app installation flow, but the new PRs still get the "Semantic Pull Request" check on them...

[asafwat]

@ioga i think you need to remove the status check from the branches protection rules from each repo

on repo > settings > Branches > Branch protection rules > edit > scroll down to "Require status checks" > then remove the "Semantic Pull Request" > save changes

[zeke]

Still working with Heroku support to try to resolve this, but for now it seems blocked:

As we've temporarily revoked all Oauth tokens due to the ongoing security incident, you won't be able to use the GitHub integration features on our platform for now

I could move the service to another provider like Vercel or something, but I don't currently have the time to do that.

Still working with support to get more clarity around the incident and whether it applies to GitHub Apps, whether I need to issue new certs and secrets for the app itself, and/or whether users will have to uninstall and reinstall it to be able to use it again. 😬

[janhartigan]

@zeke sucks that this is happening, but I appreciate the candor here. I've been there before...the curse of creating a popular tool.

[BeyerJC]

Are there any news regarding heroku ? I really liked to have a global check instead of multiple actions

[Ezard]

I'd be up for modifying this so that it runs on Google Cloud Functions/Firebase Functions (since I have the most experience with those), or I could look into using an alternative service if preferred

I too am a fan of installing GitHub Apps as opposed to manually configuring an action in every repo

[TomerFi]

If it helps anyone, I recently deployed my own bot that handles conventional commit messages on PRs.
I'm not sure it's as evolved as this one, but it works well for me.

https://github.com/apps/auto-me-bot

[Ezard]

I've created a new bot (based upon this one) that runs on Firebase Functions, and it's currently going through the GitHub App approval process; I'll update here when the approval process is finished and it's available for public access (if this bot comes back online before the approval process is complete then I'll withdraw mine from the Marketplace and just keep using this one though)

It uses the same config as this original bot, and I've also verified that it passes the existing test suite, so fingers crossed it should be a drop-in replacement

There's still some stuff that I need to add to it (test suite, CI, CD, etc), but I figured I'd get it deployed and added to all of my company's repos to see how it holds up

[mdvorak]

@Ezard Did you use #184? I would consider running original old version both security and operation risk.
Additionally, I'd like to have publicly available docker image (CI is prepared in my fork), for those who want to (have to) run it themselves.
I hoped it would get merged and I would not have to maintain my own fork. If you are gonna have own functional fork, I'd be happy to help.

[Ezard]

@mdvorak you can checkout my repo here: https://github.com/Ezard/semantic-prs

All deps are up-to-date, and will be kept automatically up-to-date by Renovate; my plan is to eventually setup CD so that any dependency updates are immediately deployed (I won't add this until I've sorted out the test suite though)

I didn't see #184, but looking over it now there are definitely some similarities between what we both did (e.g. the same library for parsing commit messages)

More than happy for you to submit a PR adding support for Docker

[zeke]

Hi folks. I hope most of you have moved on by now and found better ways to do semantic checks on your PRs.

For those who haven't, it's time to start looking. Effective today, I will no longer be maintaining this service.

For details on why it reached a breaking point, see this PR: #189

Thanks for your understanding, and happy hacking!

[BeyerJC]

Hi folks. I hope most of you have moved on by now and found better ways to do semantic checks on your PRs.

For those who haven't, it's time to start looking. Effective today, I will no longer be maintaining this service.

For details on why it reached a breaking point, see this PR: #189

Thanks for your understanding, and happy hacking!

@zeke I can understand you but cant let you leave the project without saying thank you for the time you invested so far and the great work you did!