From a59e1cce80d8496e573c9d264ab47298b742ba74 Mon Sep 17 00:00:00 2001
From: Eric <eashaw@sailsjs.com>
Date: Mon, 5 Dec 2022 13:58:21 -0600
Subject: [PATCH] Website: Add support for confidential repo to Github webhook
 (#8654)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* add confidentialGithubRepoDRIByPath to custom config

* Add support for the confidential repo to receive-from-github & get-is-pr-preapproved

* Update confidential repo DRIs

* remove no longer relevant folder

* Fix lint

* repository » repo

Co-authored-by: Mike McNeil <mikermcneil@users.noreply.github.com>
---
 .../webhooks/receive-from-github.js           |  7 +++++--
 .../get-is-pr-preapproved.js                  | 12 ++++++++---
 website/config/custom.js                      | 20 +++++++++++++++++++
 3 files changed, 34 insertions(+), 5 deletions(-)

diff --git a/website/api/controllers/webhooks/receive-from-github.js b/website/api/controllers/webhooks/receive-from-github.js
index b9ba9c931890..c9e2bbcbb84b 100644
--- a/website/api/controllers/webhooks/receive-from-github.js
+++ b/website/api/controllers/webhooks/receive-from-github.js
@@ -242,12 +242,15 @@ module.exports = {
 
         // Check whether auto-approval is warranted.
         let isAutoApproved = await sails.helpers.githubAutomations.getIsPrPreapproved.with({
+          repo: repo,
           prNumber: prNumber,
           githubUserToCheck: sender.login,
           isGithubUserMaintainerOrDoesntMatter: GITHUB_USERNAMES_OF_BOTS_AND_MAINTAINERS.includes(sender.login.toLowerCase())
         });
-
-        let isHandbookPR = await sails.helpers.githubAutomations.getIsPrOnlyHandbookChanges.with({prNumber: prNumber});
+        let isHandbookPR = false;
+        if(repo === 'fleet'){
+          isHandbookPR = await sails.helpers.githubAutomations.getIsPrOnlyHandbookChanges.with({prNumber: prNumber});
+        }
 
         // Check whether the "main" branch is currently frozen (i.e. a feature freeze)
         // [?] https://docs.mergefreeze.com/web-api#get-freeze-status
diff --git a/website/api/helpers/github-automations/get-is-pr-preapproved.js b/website/api/helpers/github-automations/get-is-pr-preapproved.js
index 88c353c59e37..0783d50b8160 100644
--- a/website/api/helpers/github-automations/get-is-pr-preapproved.js
+++ b/website/api/helpers/github-automations/get-is-pr-preapproved.js
@@ -8,6 +8,7 @@ module.exports = {
 
 
   inputs: {
+    repo: { type: 'string', example: 'fleet', required: true, isIn: ['fleet', 'confidential']},
     prNumber: { type: 'number', example: 382, required: true },
     githubUserToCheck: { type: 'string', example: 'mikermcneil', description: 'If excluded, then this returns `true` if all of the PRs changed paths are preapproved for SOMEONE.' },
     isGithubUserMaintainerOrDoesntMatter: { type: 'boolean', required: true, description: 'Whether (a) the user is a maintainer, or (b) it even matters for this check whether the user is a maintainer.' },// FUTURE: « this could be replaced with an extra GitHub API call herein, but doesn't seem worth it
@@ -25,16 +26,21 @@ module.exports = {
   },
 
 
-  fn: async function ({prNumber, githubUserToCheck, isGithubUserMaintainerOrDoesntMatter}) {
+  fn: async function ({repo, prNumber, githubUserToCheck, isGithubUserMaintainerOrDoesntMatter}) {
 
     require('assert')(sails.config.custom.githubRepoDRIByPath);
+    require('assert')(sails.config.custom.confidentialGithubRepoDRIByPath);
     require('assert')(sails.config.custom.githubAccessToken);
 
     let DRI_BY_PATH = sails.config.custom.githubRepoDRIByPath;
+
+    if (repo === 'confidential') {
+      DRI_BY_PATH = sails.config.custom.confidentialGithubRepoDRIByPath;
+    }
+
     let owner = 'fleetdm';
-    let repo = 'fleet';
     let baseHeaders = {
-      'User-Agent': 'sails run freeze-open-pull-requests',
+      'User-Agent': 'Fleet auto-approve',
       'Authorization': `token ${sails.config.custom.githubAccessToken}`
     };
 
diff --git a/website/config/custom.js b/website/config/custom.js
index ff7d28d35c2e..bfa96871655c 100644
--- a/website/config/custom.js
+++ b/website/config/custom.js
@@ -128,6 +128,26 @@ module.exports.custom = {
     'docs/01-Using-Fleet/standard-query-library/standard-query-library.yml': ['guillaumeross','zhumo','eashaw','zwass'],// (standard query library)
     'schema/': ['guillaumeross','zhumo','eashaw','zwass'],// (standard query library)
   },
+  confidentialGithubRepoDRIByPath: {
+    'readme.md': ['mikermcneil', 'zwass'],
+    // GitHub issue templates
+    '.github/ISSUE_TEMPLATE': ['mikermcneil', 'zwass'],
+    '.github/ISSUE_TEMPLATE/2-website-changes.md': 'mike-j-thomas',
+    '.github/ISSUE_TEMPLATE/3-opportunity Fleet Premium PoV.md': 'alexmitchelliii',
+    '.github/ISSUE_TEMPLATE/3-sale.md': 'alexmitchelliii',
+    '.github/ISSUE_TEMPLATE/4-release.md': 'noahtalerman',
+    '.github/ISSUE_TEMPLATE/5-monthly-accounting.md': 'hollidayn',
+    '.github/ISSUE_TEMPLATE/6-speaking-event.md': 'mike-j-thomas',
+    '.github/ISSUE_TEMPLATE/9-renewal-process.md': ['hollidayn', 'alexmitchelliii'],
+    '.github/ISSUE_TEMPLATE/hiring.md': 'charlottechance',
+    '.github/ISSUE_TEMPLATE/onboarding.md': 'charlottechance',
+    '.github/ISSUE_TEMPLATE/y-offboarding.md': 'charlottechance',
+    '.github/ISSUE_TEMPLATE/equity-grants.md': ['charlottechance','hollidayn'],
+
+    // Folders of configuration files
+    'mdm_profiles': 'guillaumeross',
+    'vpn': 'rfairburn',
+  },
 
 
   /***************************************************************************