Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BREAKING: Remove opt-in repo configuration #833

Merged
merged 1 commit into from
Jan 2, 2024
Merged

BREAKING: Remove opt-in repo configuration #833

merged 1 commit into from
Jan 2, 2024

Conversation

klutchell
Copy link
Collaborator

@klutchell klutchell commented Dec 19, 2023
edited

Allowing Flowzone to make repo configuration changes
via administrator tokens effectively grants any user with
write permissions the ability to make admin changes.

Repo configuration should be handled outside of the CI
context where administrator permissions can be granted to
a central authority only.

This is a breaking change for repos that previously opted into these settings.
This workflow will not run unless the calling workflow omits the related inputs.

Change-type: major
See: https://balena.fibery.io/Work/Improvement/Move-repo-config-out-of-Flowzone-CI-1388
See: https://balena.fibery.io/Work/Project/Host-the-safe-settings-GitHub-App-for-repository-management-190

Resolves: #729

@klutchell
Copy link
Collaborator Author

klutchell commented Dec 19, 2023
edited

62 repositories appear to be affected, some of them external to balena orgs. We should PR these to remove the inputs before merging the breaking change.

e.g. balena-io/etcher#4148

@klutchell klutchell changed the title Remove opt-in repo configuration BREAKING: Remove opt-in repo configuration Dec 19, 2023
klutchell added a commit to balena-io/etcher that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
33736ef 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
klutchell added a commit to balena-io/etcher that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
44fe7f2 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
klutchell added a commit to people-os/support-shift-scheduler that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
e23a3cf 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
@klutchell klutchell mentioned this pull request Dec 19, 2023
Merged
klutchell added a commit to balena-io/renovate-config that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
605e959 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
@klutchell klutchell mentioned this pull request Dec 19, 2023
Merged
klutchell added a commit to balena-io-experimental/balena-k3s that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
33890ec 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
@klutchell klutchell mentioned this pull request Dec 19, 2023
Merged
klutchell added a commit to balena-io/etcher that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
a383f47 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
klutchell added a commit to people-os/support-shift-scheduler that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
1b1b25c 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
klutchell added a commit to balena-io/renovate-config that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
76b7724 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
klutchell added a commit to balena-io-experimental/balena-k3s that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
dc9b684 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
klutchell added a commit to balena-io-modules/resin-cli-visuals that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
741709b 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
@klutchell klutchell mentioned this pull request Dec 19, 2023
Merged
klutchell added a commit to balena-os/balena-sign that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
ae64065 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
@klutchell klutchell mentioned this pull request Dec 19, 2023
Merged
klutchell added a commit to balena-io/autohat-ondevice that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
93aa43b 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
@klutchell klutchell mentioned this pull request Dec 19, 2023
Merged
klutchell added a commit to balena-os/cloud-config that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
221d38f 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
This was referenced Dec 19, 2023
Merged
Merged
klutchell added a commit to balena-io-modules/balena-image-fs that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
2ad37d4 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
@klutchell klutchell mentioned this pull request Dec 19, 2023
Merged
klutchell added a commit to balena-io-library/base-images that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
e08e54a 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
klutchell added a commit to balena-io-modules/drivelist that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
dbb725e 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
@klutchell klutchell mentioned this pull request Dec 19, 2023
Merged
klutchell added a commit to product-os/renovate-config that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
5248fa1 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
@klutchell klutchell mentioned this pull request Dec 19, 2023
Merged
klutchell added a commit to balena-io/sshproxy that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
8a175be 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
@klutchell klutchell mentioned this pull request Dec 19, 2023
Merged
klutchell added a commit to balena-io-modules/node-qmp that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
0b58ef7 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
@klutchell klutchell mentioned this pull request Dec 19, 2023
Merged
klutchell added a commit to balena-io/etcher that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
2b63fbe 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
klutchell added a commit to people-os/support-shift-scheduler that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
5abf0c6 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
klutchell added a commit to balena-io-modules/drivelist that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
fa55e1a 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
klutchell added a commit to balena-os/gazette that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
e81dadf 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
@klutchell klutchell mentioned this pull request Dec 19, 2023
Merged
klutchell added a commit to product-os/policy-bot that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
039b8ee 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
@klutchell klutchell mentioned this pull request Dec 19, 2023
Merged
klutchell added a commit to balena-io-experimental/balena-firecracker that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
e9e39ca 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
@klutchell klutchell mentioned this pull request Dec 19, 2023
Merged
klutchell added a commit to product-os/policies that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
66d7f06 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
@klutchell klutchell mentioned this pull request Dec 19, 2023
Merged
klutchell added a commit to balena-io-modules/etcher-sdk that referenced this pull request Dec 19, 2023
@klutchell
Remove repo config from flowzone.yml
d9c3b3e 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
This was referenced Dec 19, 2023
Merged
Closed
klutchell added a commit to product-os/policy-bot that referenced this pull request Dec 20, 2023
@klutchell
Remove repo config from flowzone.yml
b7b61ac 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
klutchell added a commit to balena-io/etcher that referenced this pull request Dec 20, 2023
@klutchell
Remove repo config from flowzone.yml
ecb24da 
This functionality is being deprecated in Flowzone.

See: product-os/flowzone#833

Change-type: patch
Signed-off-by: Kyle Harding <kyle@balena.io>
@klutchell
BREAKING: Remove opt-in repo configuration
f90ec21 
Allowing Flowzone to make repo configuration changes
via administrator tokens effectively grants any user with
write permissions the ability to make admin changes.

Repo configuration should be handled outside of the CI
context where administrator permissions can be granted to
a central authority only.

This is a breaking change for repos that previously opted into these settings.
This workflow will not run unless the calling workflow omits the related inputs.

Change-type: major
Signed-off-by: Kyle Harding <kyle@balena.io>
@klutchell klutchell marked this pull request as ready for review January 2, 2024 14:20
@klutchell klutchell requested a review from ab77 January 2, 2024 14:20
@flowzone-app flowzone-app bot enabled auto-merge January 2, 2024 14:21
@flowzone-app flowzone-app bot merged commit 7350efe into master Jan 2, 2024
74 checks passed
@flowzone-app flowzone-app bot deleted the kyle/remove-repo-config branch January 2, 2024 15:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ab77 ab77 ab77 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Repo description with a single quote in the name causes an error
2 participants
@klutchell @ab77