microsoft/vscode-github-triage-actions

Question about Authorization Management In issue comment

wangyuan249 opened this issue · 3 comments

Hi~ I am currently following your work in VS Code's Issue Triage GitHub Actions @JacksonKearl
I am trying to make a kubevela robot for our open source project oam/Kubevela https://github.com/oam-dev/kubevela
After testing and fine-tuning in my own repo (https://github.com/wangyuan249/actioTestRepo), I found it is a great project!

However, we are facing some problems with authorization management in the issue comment trigger:
We hope to specify which users have access to trigger the label or assign process when commenting in the issue area, and to prevent everyone from triggering this process or testing and playing in the issue area.

Now we see fields like "memberOf" and "allowUsers" in the command.json file:

  {
    "type": "author", 
    "memberOf": { "org": "oam-dev" },
    "action": "updateLabel",
    "addLabel": "author/kubevela"
  },
  {
    "type": "author",
    "notMemberOf": { "org": "oam-dev" },
    "action": "updateLabel",
    "addLabel": "author/not-kubevela"
  },
  {
    "type": "comment",
    "name": "needsMoreInfo",
    "allowUsers": [
      "wangyuan249",
      "user1",
      "user2",
      "user3"
    ],
    "action": "updateLabels",
    "addLabel": "needs more info"
  },

In my opinion, it is not flexible to frequently maintain the "allowUsers" list or the member list of an organization.
Is there a way for us to scan our projects to determine who is a contributor to our project (or who often speaks in issues) and give them access to comment and trigger labels? (That is, to scan like this when a GitHub Action is triggered.)

I would appreciate it very much if you could give me a reply. Thanks!

By default anyone with write access to the repo is allowed to use the comments; the allowUsers field is just for adding additional members who would not otherwise have access. Does that help?

The code for this is here:

((await this.github.hasWriteAccess(this.action.user)) ||
command.allowUsers.includes(this.action.user.name) ||
command.allowUsers.includes('*') ||
(this.action.user.name === issue.author.name && command.allowUsers.includes('@author')))

Thanks a lot! I also created a userList file to maintain the additional members. Each time the GitHub Action executes, it scans the userList file and judges whether the user is an allowed user.
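
The check quoted in the reply, combined with the userList file idea from the last comment, as an added TypeScript example that is not the action's own code. `parseUserList`, `isAllowed`, the one-login-per-line file format and the case-insensitive login comparison are assumptions made here; the file parser drops anything that is not a plain login, so `*` and `@author` can only be granted from the reviewed command definition.

```typescript
// Added example; all names here are hypothetical, not the action's API.
type TriageCommand = { name: string; allowUsers?: string[] };
type AccessDecision = { allowed: boolean; reason: string };

// Assumed file format: one GitHub login per line, '#' starts a comment.
// Anything that is not a plain login is dropped, so the file cannot
// smuggle in the '*' or '@author' grants.
function parseUserList(text: string): string[] {
  return text
    .split(/\r?\n/)
    .map((line) => line.replace(/#.*$/, '').trim())
    .filter((line) => /^[A-Za-z0-9-]+$/.test(line));
}

// GitHub logins are case-insensitive, so compare them that way.
function sameLogin(a: string, b: string): boolean {
  return a.toLowerCase() === b.toLowerCase();
}

function isAllowed(
  user: string,
  issueAuthor: string,
  hasWriteAccess: boolean,
  command: TriageCommand,
  extraUsers: string[] = []
): AccessDecision {
  const listed = command.allowUsers ?? []; // no field: no extra grants
  if (hasWriteAccess) return { allowed: true, reason: 'write-access' };
  if (listed.indexOf('*') !== -1) return { allowed: true, reason: 'wildcard' };
  if (listed.indexOf('@author') !== -1 && sameLogin(user, issueAuthor)) {
    return { allowed: true, reason: 'issue-author' };
  }
  if (listed.some((u) => sameLogin(u, user))) return { allowed: true, reason: 'allowUsers' };
  if (extraUsers.some((u) => sameLogin(u, user))) return { allowed: true, reason: 'userList' };
  return { allowed: false, reason: 'denied' }; // fail closed
}

// Constructed sample input.
const USER_LIST_TEXT = `
# triagers without write access
user1
User2   # listed with different casing
*
@author
`;
const EXTRA_USERS = parseUserList(USER_LIST_TEXT); // ['user1', 'User2']
const NEEDS_MORE_INFO: TriageCommand = { name: 'needsMoreInfo', allowUsers: ['wangyuan249'] };
```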