Checks reporting config differences when there aren't any

[dan-ih]

Problem Description

When I configure a repo with its existing branch protection config, there are two items which show as changed in the PR check which haven't changed.

What is actually happening

It looks like the comparison being done here https://github.com/github/safe-settings/blob/main-enterprise/lib/mergeDeep.js#L120-L126 is showing differences for some items when the config should be the same. The two example differences I am seeing are:

From github REST API (target):

"enforce_admins": {	
	"url": "https://api.github.com/repos/Introhive/introhive/branches/master/protection/enforce_admins",	
	"enabled": false
},

Is being compared with config (source):
"enforce_admins": false,
-----and-----
From github REST API(target):

"required_status_checks": {
	"url": "https://api.github.com/repos/Introhive/introhive/branches/master/protection/required_status_checks",	
	"strict": false,
    "contexts": [
      "task-list-completed",
      "codeclimate"
	],
	"contexts_url": "https://api.github.com/repos/Introhive/introhive/branches/master/protection/required_status_checks/contexts",
	"checks": [	
    {	
      "context": "task-list-completed",	
      "app_id": null	
    },
    {	
    	"context": "codeclimate",	
    	"app_id": null
    }	
]	

Is being compared with (source):

"required_status_checks": {
   "strict": false,	
   "contexts": [
     "task-list-completed",	
     "codeclimate"
	]
}

What is the expected behavior

I would expect the comparisons above to be done in a manner that doesn't indicate there are config changes.

Error output, if available

Branch Protection : introhive : Followings changes will be applied to the branch protection for archived_develop branch = { "additions": { "required_status_checks": { "strict": false } }, "modifications": { "enforce_admins": true } }

Branch Protection : introhive : Followings changes will be applied to the branch protection for master branch = { "additions": { "required_status_checks": { "strict": false }, "restrictions": { "teams": [ "committers", { "name": "Committers", "id": {{REDACTED}}, "node_id": ""id": {{REDACTED}}", "slug": "committers", "description": "Members who can merge PRs into master.", "privacy": "closed", "url": "https://api.github.com/organizations/({REDACTED}}/team/({REDACTED}}", "html_url": "https://github.com/orgs/Introhive/teams/committers", "members_url": "https://api.github.com/organizations/({REDACTED}}/team/({REDACTED}}/members{/member}", "repositories_url": "https://api.github.com/organizations/({REDACTED}}/team/({REDACTED}}/repos", "permission": "pull", "parent": null } ] } }, "modifications": { "enforce_admins": false } }

Context

We would like to be able to validate that these checks to show no changes as we roll safe-settings out for all repositories in our org.

Are you using the hosted instance of probot/settings or running your own?

Running our own

If running your own instance, are you using it with github.com or GitHub Enterprise?

github.com

Version of probot/settings

    "probot": "12.2.0"

safe-settings is synced up to the latest from the main-enterprise branch as of today.

Version of GitHub Enterprise

N/A

[decyjphr]

@dan-ih, Thanks for the detailed issue. I'll look at it and let you know in a couple of days.

[svg153]

Hi @dan-ih.

The same thing here.

I would like to ask you, do you have a basic configuration for the organization and another one specific for repositories?. We have observed that it takes the one from the repository directly, and therefore fails because required fields are missing, which are in the basic configuration. Have you seen something similar?. There is a unit test for this case. Thanks :)