Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat (service): Auto-create projects when using GitHub actions #103

Merged
merged 6 commits into from
Jun 4, 2022
Merged

feat (service): Auto-create projects when using GitHub actions #103

merged 6 commits into from
Jun 4, 2022

Conversation

LironEr
Copy link
Owner

@LironEr LironEr commented Jun 3, 2022
edited

This PR introduces an automatic way to create a project if your repo is a public repo hosted on GitHub using GitHub Actions, it will be integrated into BundleMon CLI soon.

Currently, if BundleMon GitHub app is installed for your repo, you can create GitHub outputs by using project API key, which due to recent finds, may be exploited.

In the near future, this option will be removed.

You will be able to create GitHub outputs by using one of the options:

  1. Providing GitHub access token.
  2. Have the BundleMon GitHub app installed and run BundleMon CLI in GitHub actions.
Create BundleMon record Create GitHub output (pr comment / commit status / check run)
Public GitHub repo using GitHub Actions API key / verify GitHub action is running by using BundleMon GitHub App API key / verify GitHub action is running by using BundleMon GitHub App
API key is now deprecated
Private GitHub repo using Github Actions API key

After updating BundleMon GitHub app permissions, you will be able to create records without API key		 API key

After updating BundleMon GitHub app permissions, you will be able to create records without an API key or provide GitHub token
GitHub repo using other CI provider (like Travis) API key API key

Will be replaced by sending GitHub token

@bundlemon
Copy link

bundlemon bot commented Jun 3, 2022
edited

BundleMon

Files updated (3)
Status Path Size Limits
CreateProjectPage.(hash).js
 11.51KB (+44B +0.37%) -
ReportPage.(hash).js
 16.44KB (+44B +0.26%) -
ReportsPage.(hash).js
 17.1KB (+44B +0.25%) -
Unchanged files (9)
Status Path Size Limits
321.(hash).js
 389.85KB -
main.(hash).js
 277.29KB -
85.(hash).js
 79.54KB -
474.(hash).js
 69.05KB -
635.(hash).js
 64.98KB -
677.(hash).js
 51.69KB -
708.(hash).js
 11.37KB -
ReportsChart.(hash).js
 5.79KB -
index.html
 756B -

Total files change +132B +0.01%

Groups updated (1)
Status Path Size Limits
**/*.js
 994.62KB (+132B +0.01%) -
Unchanged groups (1)
Status Path Size Limits
**/*.png
 370.53KB -

Final result: ✅

View report in BundleMon website ➡️

Current branch size history | Target branch size history

@codecov-commenter
Copy link

Codecov Report

Merging #103 (1b03a5e) into master (a323172) will increase coverage by 0.36%.
The diff coverage is 51.43%.

@@            Coverage Diff             @@
##           master     #103      +/-   ##
==========================================
+ Coverage   56.41%   56.77%   +0.36%     
==========================================
  Files          53       59       +6     
  Lines        1294     1446     +152     
  Branches      266      290      +24     
==========================================
+ Hits          730      821      +91     
- Misses        564      625      +61
Impacted Files Coverage Δ
packages/bundlemon/src/common/service.ts 17.24% <0.00%> (ø)
service/src/framework/github.ts 12.03% <12.00%> (-1.45%) ⬇️
service/src/controllers/legacyGithubController.ts 13.04% <13.04%> (ø)
service/src/controllers/githubController.ts 14.81% <17.02%> (+3.42%) ⬆️
service/src/controllers/utils/githubOutputs.ts 17.85% <17.85%> (ø)
service/src/utils/reportUtils.ts 60.00% <60.00%> (ø)
service/src/framework/mongo/client.ts 89.47% <89.47%> (ø)
service/src/controllers/utils/auth.ts 95.45% <95.00%> (+53.78%) ⬆️
service/src/framework/mongo/projects.ts 95.00% <95.00%> (ø)
packages/bundlemon-utils/src/consts.ts 100.00% <100.00%> (ø)
... and 11 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a323172...1b03a5e. Read the comment docs.

@LironEr LironEr marked this pull request as ready for review June 4, 2022 07:25
@LironEr LironEr merged commit 25c9f74 into master Jun 4, 2022
@LironEr LironEr deleted the service-v2 branch June 4, 2022 07:52
@LironEr LironEr mentioned this pull request Aug 6, 2022
Merged
LironEr added a commit that referenced this pull request Aug 13, 2022
@LironEr
BREAKING CHANGE: use new auth (#117)
2ef66c9 
related: #103
This PR introduces an automatic way to create a project if your repo is hosted on GitHub and using GitHub Actions.
Currently, if BundleMon GitHub app is installed for your repo, you can create GitHub outputs by using project API key, which due to recent finds, may be exploited.
After the release of BundleMon CLI v2, v1 will be deprecated and will stop working in a few months.
Create GitHub outputs by using one of the options:

Providing GitHub access token.
Have the BundleMon GitHub app installed and run BundleMon CLI in GitHub actions.
@LironEr LironEr changed the title feat (service): Auto-create project for public GitHub repos feat (service): Auto-create projects when using GitHub actions Aug 20, 2022
@Falke-Design Falke-Design mentioned this pull request Nov 20, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@LironEr @codecov-commenter