Website: Add support for confidential repo to Github webhook (#8654)

* add confidentialGithubRepoDRIByPath to custom config * Add support for the confidential repo to receive-from-github & get-is-pr-preapproved * Update confidential repo DRIs * remove no longer relevant folder * Fix lint * repository » repo Co-authored-by: Mike McNeil <[email protected]>
fleetdm · Dec 5, 2022 · a59e1cc · a59e1cc
1 parent 8dbbfa1
commit a59e1cc
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 5 deletions.
diff --git a/website/api/controllers/webhooks/receive-from-github.js b/website/api/controllers/webhooks/receive-from-github.js
@@ -242,12 +242,15 @@ module.exports = {
 
         // Check whether auto-approval is warranted.
         let isAutoApproved = await sails.helpers.githubAutomations.getIsPrPreapproved.with({
+          repo: repo,
           prNumber: prNumber,
           githubUserToCheck: sender.login,
           isGithubUserMaintainerOrDoesntMatter: GITHUB_USERNAMES_OF_BOTS_AND_MAINTAINERS.includes(sender.login.toLowerCase())
         });
-
-        let isHandbookPR = await sails.helpers.githubAutomations.getIsPrOnlyHandbookChanges.with({prNumber: prNumber});
+        let isHandbookPR = false;
+        if(repo === 'fleet'){
+          isHandbookPR = await sails.helpers.githubAutomations.getIsPrOnlyHandbookChanges.with({prNumber: prNumber});
+        }
 
         // Check whether the "main" branch is currently frozen (i.e. a feature freeze)
         // [?] https://docs.mergefreeze.com/web-api#get-freeze-status

diff --git a/website/api/helpers/github-automations/get-is-pr-preapproved.js b/website/api/helpers/github-automations/get-is-pr-preapproved.js
@@ -8,6 +8,7 @@ module.exports = {
 
 
   inputs: {
+    repo: { type: 'string', example: 'fleet', required: true, isIn: ['fleet', 'confidential']},
     prNumber: { type: 'number', example: 382, required: true },
     githubUserToCheck: { type: 'string', example: 'mikermcneil', description: 'If excluded, then this returns `true` if all of the PRs changed paths are preapproved for SOMEONE.' },
     isGithubUserMaintainerOrDoesntMatter: { type: 'boolean', required: true, description: 'Whether (a) the user is a maintainer, or (b) it even matters for this check whether the user is a maintainer.' },// FUTURE: « this could be replaced with an extra GitHub API call herein, but doesn't seem worth it
@@ -25,16 +26,21 @@ module.exports = {
   },
 
 
-  fn: async function ({prNumber, githubUserToCheck, isGithubUserMaintainerOrDoesntMatter}) {
+  fn: async function ({repo, prNumber, githubUserToCheck, isGithubUserMaintainerOrDoesntMatter}) {
 
     require('assert')(sails.config.custom.githubRepoDRIByPath);
+    require('assert')(sails.config.custom.confidentialGithubRepoDRIByPath);
     require('assert')(sails.config.custom.githubAccessToken);
 
     let DRI_BY_PATH = sails.config.custom.githubRepoDRIByPath;
+
+    if (repo === 'confidential') {
+      DRI_BY_PATH = sails.config.custom.confidentialGithubRepoDRIByPath;
+    }
+
     let owner = 'fleetdm';
-    let repo = 'fleet';
     let baseHeaders = {
-      'User-Agent': 'sails run freeze-open-pull-requests',
+      'User-Agent': 'Fleet auto-approve',
       'Authorization': `token ${sails.config.custom.githubAccessToken}`
     };
 

diff --git a/website/config/custom.js b/website/config/custom.js
@@ -128,6 +128,26 @@ module.exports.custom = {
     'docs/01-Using-Fleet/standard-query-library/standard-query-library.yml': ['guillaumeross','zhumo','eashaw','zwass'],// (standard query library)
     'schema/': ['guillaumeross','zhumo','eashaw','zwass'],// (standard query library)
   },
+  confidentialGithubRepoDRIByPath: {
+    'readme.md': ['mikermcneil', 'zwass'],
+    // GitHub issue templates
+    '.github/ISSUE_TEMPLATE': ['mikermcneil', 'zwass'],
+    '.github/ISSUE_TEMPLATE/2-website-changes.md': 'mike-j-thomas',
+    '.github/ISSUE_TEMPLATE/3-opportunity Fleet Premium PoV.md': 'alexmitchelliii',
+    '.github/ISSUE_TEMPLATE/3-sale.md': 'alexmitchelliii',
+    '.github/ISSUE_TEMPLATE/4-release.md': 'noahtalerman',
+    '.github/ISSUE_TEMPLATE/5-monthly-accounting.md': 'hollidayn',
+    '.github/ISSUE_TEMPLATE/6-speaking-event.md': 'mike-j-thomas',
+    '.github/ISSUE_TEMPLATE/9-renewal-process.md': ['hollidayn', 'alexmitchelliii'],
+    '.github/ISSUE_TEMPLATE/hiring.md': 'charlottechance',
+    '.github/ISSUE_TEMPLATE/onboarding.md': 'charlottechance',
+    '.github/ISSUE_TEMPLATE/y-offboarding.md': 'charlottechance',
+    '.github/ISSUE_TEMPLATE/equity-grants.md': ['charlottechance','hollidayn'],
+
+    // Folders of configuration files
+    'mdm_profiles': 'guillaumeross',
+    'vpn': 'rfairburn',
+  },
 
 
   /***************************************************************************