-
Notifications
You must be signed in to change notification settings - Fork 155
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Same repository that is part of multiple suborgs #277
Comments
I think what you are looking for is to have multiple sub-org configs be applied to a single repo and merge the configs of multiple sub-orgs to that repo config. |
Yes, I'm testing against 2.0.0. Everything is merged properly except all of the suborgs. We are essentially limited to a single suborg per repo.
In a way, but my understanding is that it may not be clear upfront in which order suborg configs will be applied. Hence my suggestion of an explicit "extends" keyword. Although for our usage (merge |
What do you think about such an organization of the settings: #370? |
I think there's definitely value, but it's somewhat orthogonal to the main use case I'd see from this particular issue. eg. for at my org we'd have both discipline-specific and business-suborganisation specific configuration that it would be nice to be able to intelligently merge together. |
A little heads up on merging required_status_checks. I could not apply my checks because the GitHub API rejected the payload defined as:
To my surprise it turned out that I was having a suborg file with In my case I had An option to #262 could be to allow inclusion of partial configurations. Something similar to this: https://stackoverflow.com/a/9577670/2447296 By using that a user could define behaviors in separate files such as in this example:
Example using include for python project checks: Org-level checks baseline for all Python projects: - context: Block Autosquash Commits
app_id: 15368
- context: Commitlint
app_id: 15368
- context: Black, isort, Ruff, and Pytest
app_id: 15368
- context: SonarCloud Code Analysis
app_id: 12526 Team-level baseline: teams:
- name: team1-developers
permission: admin
- name: all-developers
permission: push
branches:
- name: default
protection:
required_pull_request_reviews:
required_approving_review_count: 1
dismiss_stale_reviews: true
required_linear_history: true
allow_deletions: false
block_creations: true
required_status_checks:
# Required. Require branches to be up to date before merging.
strict: true
checks: []
enforce_admins: false
branches:
- name: default
protection:
required_pull_request_reviews: {}
required_status_checks:
checks:
- !include behaviors/python_project_checks.yml |
Is it safe to say that the same repository being part of multiple suborgs is undefined behavior right now? I don't see any documented ordering by which safe-settings will determine which suborg to apply to a repository that matches multiple suborgs. If it really is undefined behavior, it would be nice if the PR check bot would fail a status check in this case. |
@grossag I would say, yes, it is an undefined behavior since, when you look at Line 684 in f6c8d43
I think adding a PR check fail would be an easy solution since we don't have to figure out the rules for precedence, etc. I'll look into that. |
Thanks @decyjphr . It makes sense that it would be easy to check whether a repository matches multiple suborgs via name pattern. But I am not sure about the more advanced cases. My one point of confusion is this: as far as I can tell, suborg matching is implemented the following way:
If that is correct, I wasn't able to figure out a way to catch the more advanced suborg matching cases where, for example:
|
@decyjphr your expert comments will certainly help in here!! |
Line 699 in f6c8d43
If you look at the lines shown above, we build a dictionary of suborg configs with the repo name as the key. The repo names are obtained using the logic associated with It could match one or many of these criteria in a suborg config file and then that config will be associated to that repo. And, sometimes, subsequently it could be matched by the criteria in a different suborg config and it would be associated to that suborg config. I feel this is somewhat similar to how a For now, I can add logic in the code to check it is in a I hope this answers your question. |
Thank you! I hadn't realized that That solution sounds great, thank you! That would help us be able to deploy safe-settings. |
I am testing the release candidate that was provided to me with the fix for this problem and it's definitely working much better than before. I tested this in an org that has 9 total repos (including the repo which contains the safe-settings configurations). When I raise a PR that deliberatly introduces a suborb collision as I would expect the validation check now fails. That being said the comment that the probot app leaves on the PR seems a little odd. There are 10 line items in the comment despite there only being 9 repos in the org. Furthermore all 10 line items say the same things for every column. I would actually expect 8 line items since the repo containing the safe-settings configs is exempt from safe-settings by default. The following screenshot shows what I am seeing with the 2.1.12-rc.1 build. |
@scottcarter87 I fixed this in |
Thank you! Downloading the build now and giving it a try. |
@decyjphr Looks much better, thanks! |
Prerequisites:
n/a
API documentation (https://developer.github.com/v3/) as well as the Octokit documentation (https://octokit.github.io/).
n/a
contacted support (https://support.github.com/) or posted in the Community Forum (https://github.community/). Please
include a link to the forum post if you create one or a copy of the response from support.
New Feature
What I am looking for exactly is a way to add
required_status_checks
from multiple base files to a repository. We extensively use monorepos and reusable workflows. Having a way to not repeat ourselves too much with the repo settings would facilitate maintenance quite a bit.So I tried adding a single repo to multiple suborgs but the
required_status_checks
are not merged and only the checks from one suborg are synced. Every other checks are removed from the branch protections. Using suborgs for that purpose may not be appropriate though. What if a suborg requires 1 approval and the other one asks for 2 approvals? How to decide which one should be applied first?I think a way to extend other config files and apply the extensions in the order they are specified could solve the issue. Many linter configs work this way. ie:
.github/repos/example.yml
.github/templates/webapp-react-frontend.yml
.github/templates/webapp-bff.yml
The text was updated successfully, but these errors were encountered: