codeowners-validator
Document which scopes are needed for owners verification
Description
Consider documenting which scopes are needed for the GitHub action to validate owner teams. This may actually also be a bug report for the action.
Reasons
It's not currently documented and it's not clear to me which ones should be selected.
In fact, the URL it's trying doesn't appear correct to me 🤔
https://api.github.com/repos/<org>/<repo>/teams?per_page=100
Shouldn't this use the org/teams endpoint? https://docs.github.com/en/free-pro-team@latest/rest/reference/teams#list-teams
https://api.github.com/orgs/<org>/teams
Hi @ZacSweers
The GitHub token was already described some time ago here: https://github.com/mszostok/codeowners-validator/blob/master/docs/gh-token.md
Regarding the endpoint problem that you mentioned: I'm using the endpoint under the repos URL as I need to know that a given team is assigned to the proper repos. I'm not interested in all teams, and using https://api.github.com/orgs/<org>/teams requires calling another endpoint to check the assigned repos, and that increases the number of calls against GitHub, which I want to keep minimal.
Hmm, when I tried this we always get back an empty list. Let me see if I can debug with some manual querying on the API to repro.
From some experimentation, even with the permissions specified in the doc above, it looks like the user with the token either needs to be an organization owner or have admin access to the repo in question.
I'm not sure how to verify the exact scopes required for this operation in the GH docs (e.g. can't find this documented).
Does this sound right to you, @mszostok? It doesn't seem like it should require admin access to list the teams for a repo, so I may be missing something.
I had the same issue. I can't list teams in the repo, and the tests for this seem to be failing with the same 404 error. After consulting the API documentation, it seems like there is no error, but it is not working for public repositories either. After making this change, it is working for the private repo case I am working on: https://github.com/photonbit/codeowners-validator/commit/f145b6563e0e71f503213dbf5fab2318350ec8f9
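The thread above turns on how to read the response from the repo-scoped teams endpoint. The Go program below is an added example, not code from codeowners-validator or from any commenter: it treats the empty list and the 404 reported above as "cannot verify" rather than as "team not assigned". The fake server, the tokens, and the org, repo and team names are constructed so it runs offline.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// teamOnRepo queries the repo-scoped URL quoted in the thread (first page only).
func teamOnRepo(base, token, org, repo, slug string) (string, error) {
	req, err := http.NewRequest("GET", base+"/repos/"+org+"/"+repo+"/teams?per_page=100", nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("Authorization", "token "+token)
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	var teams []struct{ Slug string } // matches the JSON "slug" key
	if resp.StatusCode != http.StatusOK || json.NewDecoder(resp.Body).Decode(&teams) != nil || len(teams) == 0 {
		return fmt.Sprintf("cannot verify (HTTP %d, %d teams visible)", resp.StatusCode, len(teams)), nil
	}
	for _, t := range teams {
		if t.Slug == slug {
			return "assigned", nil
		}
	}
	return "not assigned", nil
}

// fakeAPI is a constructed stand-in for api.github.com; the tokens are made up.
func fakeAPI() *httptest.Server {
	bodies := map[string]string{"token admin": `[{"slug":"backend"}]`, "token member": `[]`}
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if body, ok := bodies[r.Header.Get("Authorization")]; ok {
			fmt.Fprint(w, body)
		} else {
			http.NotFound(w, r)
		}
	}))
}

func main() {
	srv := fakeAPI()
	defer srv.Close()
	fmt.Println(teamOnRepo(srv.URL, "member", "acme", "api", "backend"))
}
```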