Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Environment reviewers must have at least one reviewer to set prevent_self_review #628

Open
gregnrobinson opened this issue May 14, 2024 · 0 comments
Open

Environment reviewers must have at least one reviewer to set prevent_self_review #628

gregnrobinson opened this issue May 14, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@gregnrobinson
Copy link

gregnrobinson commented May 14, 2024
edited
Loading

Problem Description

 
When creating environments that have reviewers set and the prevent_self_review setting to true, safe-settings does not process all environments correctly when first creating the environments and complains that the reviewer's section is not set even though it is configured correctly. On the second pass, it will create the rest of the prod environment which failed to provision correctly.
 

What is actually happening

 
Safe settings will create the three environments with no reviewers and then error out on the prod environment leaving it partially provisioned. The pod running safe-settings will restart and when restarted it will finish provisioning the prod environment correctly.
 

What is the expected behavior

 
Safe settings should create all the environments when triggered to do so without any errors or pod restarts.
 

Error output, if available

 

Error HttpError: Failed to create or update the environment protection rule. Required reviewers must have at least one reviewer to set prevent_self_review. in Environments for repo: {"owner":"XXX","repo":"XXXXXXX","branch":"master"} entries [{"name":"dev","wait_timer":0,"prevent_self_review":false,"reviewers":[],"deployment_branch_policy":{"protected_branches":false,"custom_branch_policies":[]},"variables":[{"name":"base_environment","value":"DEV"}],"deployment_protection_rules":[]},{"name":"qat","wait_timer":0,"prevent_self_review":false,"reviewers":[],"deployment_branch_policy":{"protected_branches":false,"custom_branch_policies":[]},"variables":[{"name":"base_environment","value":"QAT"}],"deployment_protection_rules":[]},{"name":"uat","wait_timer":0,"prevent_self_review":false,"reviewers":[],"deployment_branch_policy":{"protected_branches":false,"custom_branch_policies":[]},"variables":[{"name":"base_environment","value":"UAT"}],"deployment_protection_rules":[]},{"name":"prod","wait_timer":0,"prevent_self_review":true,"reviewers":[{"type":"Team","id":17632}],"deployment_branch_policy":{"protected_branches":true,"custom_branch_policies":false},"variables":[{"name":"base_environment","value":"PROD"}],"deployment_protection_rules":[]}]

 

Context

 
When we first started configuring environments we noticed there were a lot of errors related to attributes like variables, deployment_protection_rules and custom_branch_policies not being iterable or simply not having these attributes declared in the configuration causing various errors. So the final configuration we landed on was the one below which declares all the settings and if we do not want to apply those settings we leave the value with [].

This configuration works well except now we get unexpected behaviour where upon creating the environments safe-settings complains that Required reviewers must have at least one reviewer to set prevent_self_review. This would be for the prod environment.

Environments suborg configuration

environments:
  - name: dev
    wait_timer: 0
    prevent_self_review: false
    reviewers: []
    deployment_branch_policy:
      protected_branches: false
      custom_branch_policies: []
    variables:
      - name: BASE_ENVIRONMENT
        value: DEV
    deployment_protection_rules: []
  - name: qat
    wait_timer: 0
    prevent_self_review: false
    reviewers: []
    deployment_branch_policy:
      protected_branches: false
      custom_branch_policies: []
    variables:
      - name: BASE_ENVIRONMENT
        value: QAT
    deployment_protection_rules: []
  - name: uat
    wait_timer: 0
    prevent_self_review: false
    reviewers: []
    deployment_branch_policy:
      protected_branches: false
      custom_branch_policies: []
    variables:
      - name: BASE_ENVIRONMENT
        value: UAT
    deployment_protection_rules: []
  - name: prod
    wait_timer: 0
    prevent_self_review: true
    reviewers:
      - type: Team
        id: 17632
    deployment_branch_policy:
      protected_branches: true
      custom_branch_policies: false
    variables:
      - name: BASE_ENVIRONMENT
        value: PROD
    deployment_protection_rules: []

 

Are you using the hosted instance of probot/settings or running your own?

 
Running safe settings on AKS with ingress for webhook.
 

If running your own instance, are you using it with github.com or GitHub Enterprise?

 
GitHub Enterprise Server
 

Version of probot/settings

 
Running Probot v12.3.3 (Node.js: v16.20.2)
 

Version of GitHub Enterprise

 
GitHub Enterprise Server 3.12.2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gregnrobinson