[Jenkins-infra] Handling GitHub Apps Requests
Oleg Nenashev
o.v.nenashev at gmail.com
Fri Sep 7 10:12:34 UTC 2018
>
> Any ideas which aren't "yes" or "no" to everything? :-/
*My proposal:* Send them to INFRA JIRA or mailing list, discuss on a
case-by-case basis. If the request is for read-only apps, it should be
pretty much automatic as long as they do not hammer WebUI performance somehow.

If we stick to the GitHub process, there will be no public track of what is
happening within the GitHub org. And this is not fine, because INFRA group
ML is much wider than the list of GitHub org admins.

As Tyler said, it gets tricky when a user has no email in his GitHub
profile, but we can always ping maintainers/developers in GitHub in the
worst case. I doubt there would be many requests from other kinds of users.

BR, Oleg

On Fri, Sep 7, 2018 at 9:20 AM Daniel Beck <ml at beckweb.net> wrote:
>
>
> > On 7. Sep 2018, at 05:01, R. Tyler Croy <tyler at monkeypox.org> wrote:
> >
> > What makes this even *more* annoying is that it looks like the user can request
> > to install the App into repositories for which they're not even administrators.
>
> This should be a bug based on my reading of the docs[1].
>
> > You must be an organization owner or have admin permissions in a repository
> > to request a GitHub App installation.
>
>
> Additionally, it seems the _requests_ are limited to just GitHub Apps that
> "[require] organization permissions", whatever that is. Otherwise they
> would just be installed. I went through this a few weeks ago after a
> contributor installed an app, and I was wondering why that was possible.
>
> IOW, requests should generally be limited to GitHub apps with org-wide
> permission requests, and I hope those are rather rare (and need additional
> scrutiny).
>
> So our problem should be mostly limited to installation requests to all
> repos, per your screenshot.
>
> 1:
> https://developer.github.com/apps/differences-between-apps/#who-can-install-github-apps-and-authorize-oauth-apps