feat!: GitHub API access via GitHub Apps in workflows #1709

Merged
merged 7 commits into from
Mar 29, 2022

Conversation

Chriscbr
@Chriscbr Chriscbr commented Mar 23, 2022

Fixes #1657

Allows projen workflows requiring GitHub API access beyond the permissions of GITHUB_TOKEN to specify access from either a personal access token or a GitHub App. It can be configured like so:

```ts
const { javascript, github } = require('projen');

const project = new javascript.NodeProject({
  // ...other options
  githubOptions: {
    projenCredentials: github.GithubCredentials.fromApp({ ... }),
  },
});
```

See https://github.com/projen/projen/blob/rybickic/github-app-access/docs/github.md for more details.

This change also removes projenUpgradeSecret from NodeProjectOptions, which resulted in a cascade of other breaking changes. Since #1383 (v0.47.0) we've required providing a PROJEN_GITHUB_TOKEN for all projects, but NodeProject still assumed projects were using GITHUB_TOKEN by default, so projects were being created with separate workflows for upgrading projen and for upgrading other dependencies. I've removed that default, though it's still possible to create these kinds of workflows separately (details here: https://github.com/projen/projen/blob/rybickic/github-app-access/docs/node.md).

BREAKING CHANGE: The deprecated projenUpgradeSecret is removed, and GitHub API access is now customizable through githubOptions.projenCredentials.

  • Separate tasks/workflows for upgrading projen (and approving those PRs) are no longer generated by default. autoApproveProjenUpgrades, projenUpgradeAutoMerge, and projenUpgradeSchedule have been correspondingly removed.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
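
Added example (not part of this PR or of projen's code): what a GitHub App credential amounts to compared with a stored personal access token. A GitHub App authenticates with an RS256 JWT signed by the app's private key and valid for at most 10 minutes, which is then exchanged for an installation token; the sketch mints such a JWT and checks it the way a verifier would. The key pair, the app id used in the usage line and the function names `mintAppJwt` and `checkAppJwt` are constructed for illustration.

```javascript
// Added example: constructed key pair and hypothetical helper names.
const crypto = require('node:crypto');

// Constructed demo key; a real app's private key lives in a repository secret.
const DEMO_KEYS = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const fromB64url = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Build the JWT a GitHub App presents when asking for an installation token.
function mintAppJwt(appId, privateKeyPem, nowSec) {
  const payload = {
    iat: nowSec - 60,  // backdated to tolerate clock drift
    exp: nowSec + 540, // must stay within 10 minutes of "now"
    iss: String(appId),
  };
  const signingInput = `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url(payload)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKeyPem);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Verifier-side checks: algorithm pinning, signature, lifetime cap, expiry.
function checkAppJwt(jwt, publicKeyPem, nowSec) {
  const parts = jwt.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  if (fromB64url(h).alg !== 'RS256') return { ok: false, reason: 'alg' };
  const good = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`),
    publicKeyPem, Buffer.from(s, 'base64url'));
  if (!good) return { ok: false, reason: 'signature' };
  const claims = fromB64url(p);
  if (claims.exp > nowSec + 600) return { ok: false, reason: 'lifetime' };
  if (nowSec >= claims.exp) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// Usage with a placeholder app id: the same JWT is accepted now, rejected later.
const now = Math.floor(Date.now() / 1000);
const demoJwt = mintAppJwt('12345', DEMO_KEYS.privateKey, now);
console.log(checkAppJwt(demoJwt, DEMO_KEYS.publicKey, now).ok,
  checkAppJwt(demoJwt, DEMO_KEYS.publicKey, now + 600).reason);
```

A leaked JWT of this kind stops working within minutes, whereas a leaked personal access token stays valid until it is revoked or expires.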

@Chriscbr Chriscbr requested a review from a team March 23, 2022 20:28
@mergify mergify bot added the contribution/core ⚙️ used by automation label Mar 23, 2022
github-actions and others added 2 commits March 23, 2022 20:33
Signed-off-by: github-actions <github-actions@github.com>
@codecov-commenter
codecov-commenter commented Mar 24, 2022

Codecov Report

Merging #1709 (1eed2dc) into main (d90284c) will increase coverage by 1.44%.
The diff coverage is 90.63%.

```diff
@@            Coverage Diff             @@
##             main    #1709      +/-   ##
==========================================
+ Coverage   88.06%   89.50%   +1.44%     
==========================================
  Files         132      152      +20     
  Lines        5109     6177    +1068     
  Branches     1207     1575     +368     
==========================================
+ Hits         4499     5529    +1030     
- Misses        610      646      +36     
- Partials        0        2       +2     
```
| Impacted Files | Coverage Δ |
|---|---|
| src/cdk/consts.ts | 100.00% <ø> (+36.36%) ⬆️ |
| src/dev-env.ts | 83.33% <0.00%> (ø) |
| src/java/index.ts | 100.00% <ø> (ø) |
| src/python/index.ts | 100.00% <ø> (ø) |
| src/release/index.ts | 100.00% <ø> (ø) |
| src/release/publisher.ts | 98.85% <ø> (-0.39%) ⬇️ |
| src/release/release-trigger.ts | 100.00% <ø> (ø) |
| src/release/release.ts | 95.76% <ø> (-2.09%) ⬇️ |
| src/release/tag-version.ts | 86.66% <ø> (ø) |
| src/release/update-changelog.ts | 100.00% <ø> (ø) |

... and 184 more

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5c247b9...1eed2dc. Read the comment docs.

@Chriscbr Chriscbr changed the title feat!: GitHub Apps for workflow API access feat!: GitHub API access via GitHub Apps in workflows Mar 25, 2022
@Chriscbr Chriscbr requested a review from RomainMuller March 25, 2022 20:24
@RomainMuller RomainMuller left a comment

Like it better like that :) GG

@mergify mergify bot merged commit d4ea9c7 into main Mar 29, 2022
@mergify mergify bot deleted the rybickic/github-app-access branch March 29, 2022 21:44
kaizencc pushed a commit that referenced this pull request Apr 4, 2022
Fixes #1657 

Allows projen workflows requiring GitHub API access beyond the permissions of GITHUB_TOKEN to specify access from either a personal access token or a GitHub App. It can be configured like so:

```ts
const { javascript, github } = require('projen');

const project = new javascript.NodeProject({
  // ...other options
  githubOptions: {
    projenCredentials: github.GithubCredentials.fromApp({ ... }),
  },
});
```

See https://github.com/projen/projen/blob/rybickic/github-app-access/docs/github.md for more details.

This change also removes `projenUpgradeSecret` from NodeProjectOptions, which resulted in a cascade of other breaking changes. Since #1383 (v0.47.0) we've required providing a PROJEN_GITHUB_TOKEN for all projects, but NodeProject still assumed projects were using GITHUB_TOKEN by default, so projects were being created with separate workflows for upgrading projen and for upgrading other dependencies. I've removed that default, though it's still possible to create these kinds of workflows separately (details here: https://github.com/projen/projen/blob/rybickic/github-app-access/docs/node.md).

BREAKING CHANGE: The deprecated `projenUpgradeSecret` is removed, and GitHub API access is now customizable through `githubOptions.projenCredentials`.
* Separate tasks/workflows for upgrading projen (and approving those PRs) are no longer generated by default. `autoApproveProjenUpgrades`, `projenUpgradeAutoMerge`, and `projenUpgradeSchedule` have been correspondingly removed.

---
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Successfully merging this pull request may close these issues.

PROJEN_GITHUB_TOKEN endangers enterprise adoption