Environments configured at suborg cause error in repository configuration in .github/repos #611
Description
Problem Description
When creating a specific repository yaml file for a repo in ./github/repos that has environments provisioned at the suborg level, an error appears for the repository with the message below.
Error HttpError: Resource not accessible by integration in Environments for repo: {"owner":"rbc-internal","repo":"0Z50_backend"} entries [{"name":"development","wait_timer":0,"prevent_self_review":true,"reviewers":[{"type":"Team","id":566}],"deployment_branch_policy":{"protected_branches":true,"custom_branch_policies":false}},{"name":"qa","wait_timer":0,"prevent_self_review":true,"reviewers":[{"type":"Team","id":567}],"deployment_branch_policy":{"protected_branches":true,"custom_branch_policies":false}},{"name":"production","wait_timer":0,"prevent_self_review":true,"reviewers":[{"type":"Team","id":568}],"deployment_branch_policy":{"protected_branches":true,"custom_branch_policies":false}}]The yaml definition used for ./github/suborgs/XXXX.yaml is:
suborgrepos:
- XXXX*
suborgteams:
- APP_XXXX_DevUser
- APP_XXXX_QAUser
- APP_XXXX_ProdUser
- APP_XXXX_ReadUser
- APP_XXXX_DevAdminUser
repository:
auto_init: true
topics:
- XXXX
private: false
visibility: public
has_issues: true
has_projects: true
has_wiki: true
default_branch: main
gitignore_template: node
license_template: mit
allow_squash_merge: true
allow_merge_commit: true
allow_rebase_merge: true
allow_auto_merge: true
delete_branch_on_merge: true
allow_update_branch: true
labels:
- name: XXXX
color: CC0000
description: Appcode associated with the repositories.
- name: bug
color: CC0000
description: An issue with the system
- name: feature
color: '#336699'
description: New functionality.
teams:
- name: APP_XXXX_DevUser
permission: dev_user
- name: APP_XXXX_QAUser
permission: push
- name: APP_XXXX_ProdUser
permission: admin
- name: APP_XXXX_ReadUser
permission: push
- name: APP_XXXX_DevAdminUser
permission: admin
environments:
- name: development
wait_timer: 0
prevent_self_review: true
reviewers:
- type: Team
id: 1914
deployment_branch_policy:
protected_branches: true
custom_branch_policies: false
- name: qa
wait_timer: 0
prevent_self_review: true
reviewers:
- type: Team
id: 1915
deployment_branch_policy:
protected_branches: true
custom_branch_policies: false
- name: production
wait_timer: 0
prevent_self_review: true
reviewers:
- type: Team
id: 1916
deployment_branch_policy:
protected_branches: true
custom_branch_policies: false
branches:
- name: default
protection:
required_pull_request_reviews:
required_approving_review_count: 2
dismiss_stale_reviews: true
require_code_owner_reviews: true
require_last_push_approval: true
bypass_pull_request_allowances:
apps: []
users: []
teams: []
dismissal_restrictions:
users: []
teams: [APP_XXXX_DevUser]
required_status_checks:
strict: true
contexts: []
enforce_admins: true
restrictions:
apps: []
users: []
teams: []The yaml definition I used for ./github/repos/XXXX_backend.yml is:
repository:
name: XXXX_backend
topics:
- XXXX
visibility: privateIf I add the environments explicitly to the ./github/repos/XXXX_backend.yml file the same error persists.
If I remove the environments section in .github/suborgs/XXXX.yml suborg and in .github/repos/XXXX_backend.yml, safe-settings succeeds for both the suborg configurations and specific repository override definition in .github/repos/XXXX_backend.yml.
If the environments block is referenced in the suborg yaml, it will always error when a specific repository yaml file is added to to ./github/repos folder for that specific repo override in ./github/repos. The error appears when the suborg also matches the specific repo override file in ./github/repos.
If the suborg yaml for XXXX* does not have an environments block declared, the file in ./github/repos folder will succeed for that suborg.
What is actually happening
safe-settings returns an error when there are environments configured at the suborg level.
What is the expected behavior
The suborg should provision most of the configuration for the repositories and for this use case, we only want to override repository visibility on a few repositories.
Error output, if available
Error HttpError: Resource not accessible by integration in Environments for repo: {"owner":"rbc-internal","repo":"0Z50_backend"} entries [{"name":"development","wait_timer":0,"prevent_self_review":true,"reviewers":[{"type":"Team","id":566}],"deployment_branch_policy":{"protected_branches":true,"custom_branch_policies":false}},{"name":"qa","wait_timer":0,"prevent_self_review":true,"reviewers":[{"type":"Team","id":567}],"deployment_branch_policy":{"protected_branches":true,"custom_branch_policies":false}},{"name":"production","wait_timer":0,"prevent_self_review":true,"reviewers":[{"type":"Team","id":568}],"deployment_branch_policy":{"protected_branches":true,"custom_branch_policies":false}}]Context
Are you using the hosted instance of probot/settings or running your own?
Running safe settings on AKS with ingress for webhook.
If running your own instance, are you using it with github.com or GitHub Enterprise?
GitHub Enterprise
Version of probot/settings
Running Probot v12.3.3 (Node.js: v16.20.2)
Version of GitHub Enterprise
GitHub Enterprise Server 3.11