Enable actions if code scanning is enabled? #48
src/utils/enableActions.ts
Outdated
} | ||
); | ||
|
||
if (status !== 204) { |
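Review bot: `if (status !== 204) {` accepts exactly one status code, and nothing in the lines shown says why that is the expected response or what the caller learns when it is not met. Add a one-line comment naming the response this call is expected to return, and make the failure branch report the repository and the status actually received, so a run across many repositories shows which ones were left without Actions enabled.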
What happens if actions are already enabled? 🤔
Does this throw a `204` even if actions are already enabled?
Yes, `204` even if actions are already enabled.
Thanks for submitting the PR 👍 Overall, I am good with this, but it is going to be "another API call", and I am cautious about adding more API calls. Are there any GraphQL API calls to do this? 🤔 I am trying to think of a more efficient way of doing this 👁️ 🤔

tl;dr I wanted to clean up a few of the API calls being made here, as a few of them are wasted. E.G it annoys me that we first don't make a graphql API call to get information about the repository, e.g.

I almost want to make a GET request which checks to see if these are already enabled, and only make the

The problem I see is people want to enable GHAS, secret scanning on 1000 repos, and when they run the script 300 of them already have everything enabled. It's such a wasted API call to go and enable things again 🤔 So I think a

The reason why I say this is because the above would fall into this category 💯 I am also trying to move my API calls to GraphQL 🙃

Just wanted to share my thoughts 👀 not saying no to this, just wanted to share my thoughts.
Totally on the same page here!
Totally - running with a GitHub app should help with large runs but might still run up against the rate limit.
Not that I could find 😢
This seems like the preferred route - but wouldn't that result in possibly an additional API call? (up to 2 calls per repo, minimum 1, vs 1?)
How to purchase
I think this issue is closed, right? I thought Actions are being enabled with the script in its current state.
@joshjohanning I am thinking about getting this merged based on some feedback; when you get a second, is there any chance we could maybe get this back alive again 🙇
I'll take a look! 👀
@benhorgen @NickLiffen super long delay. I still think this is a (small) issue, and maybe more related to how I was testing this, but it's possible depending on how people have their GitHub repositories set up or migrated in, they could have the same issue. Repro steps:
I did test this code again, and it does still work by creating actions (see the actions line in the log below)
I changed this to be less prescriptive (ie: automatically enable actions if code scanning is enabled) and instead broke it out to a separate switch. Is this more preferred? What do we think?
```json
[
  {
    "login": "joshjohanning-ghas-enablement",
    "repos": [
      {
        "enableDependabot": true,
        "enableDependabotUpdates": true,
        "enableSecretScanning": true,
        "enableCodeScanning": true,
        "enablePushProtection": true,
        "enableActions": true,
        "primaryLanguage": "javascript",
        "createIssue": true,
        "repo": "joshjohanning-ghas-enablement/webgoat-import-2"
      }
    ]
  }
]
```

Not sure if we want to make the switch something more specific like
@joshjohanning I like this approach and sounds good 🙇
@NickLiffen great, anything else we want to check/test/verify/review before merging (I think the button is on you 😄 ⏯️ )
I ran into a situation where I had imported/migrated a couple of repositories and actions were disabled by default, so when the code scanning workflow file was pushed, the workflow never ran.
Would it make sense to attempt to enable Actions on the repositories it pushes a code scanning file? It adds another API call, not sure if worth it or not. Perhaps it would have other unintended consequences.
I debated on whether submitting this as a PR or not; feel free to reject/suggest changes. Perhaps there's some middle ground where maybe this is just another option/flag on the run.
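The check-before-enable idea and the call-count question raised in this thread, as an added example that is not code from this PR or the project. It uses GitHub's REST endpoints for getting and setting a repository's Actions permissions; the type names, function names and the in-memory fake client are hypothetical, and the repository names are constructed.

```typescript
// Added example, not the PR's code. Endpoints: GET/PUT /repos/{owner}/{repo}/actions/permissions.
// All type names, function names and the fake client below are hypothetical.
type ApiResponse = { status: number; data?: { enabled?: boolean } };

// Minimal client shape so the logic can be exercised without network access.
interface ApiClient {
  request(method: "GET" | "PUT", path: string, body?: { enabled: boolean }): Promise<ApiResponse>;
}

type Outcome = { repo: string; changed: boolean; apiCalls: number };

// Check first, then enable only when Actions is off: 1 call when already
// enabled, 2 calls when it has to be switched on.
async function ensureActionsEnabled(client: ApiClient, repo: string): Promise<Outcome> {
  const path = `/repos/${repo}/actions/permissions`;
  const current = await client.request("GET", path);
  if (current.status !== 200) {
    throw new Error(`${repo}: could not read Actions permissions (HTTP ${current.status})`);
  }
  if (current.data?.enabled === true) {
    return { repo, changed: false, apiCalls: 1 };
  }
  const put = await client.request("PUT", path, { enabled: true });
  if (put.status !== 204) {
    throw new Error(`${repo}: enabling Actions failed (HTTP ${put.status})`);
  }
  return { repo, changed: true, apiCalls: 2 };
}

// Constructed in-memory stand-in for the API: repo name -> Actions enabled?
function fakeClient(state: Map<string, boolean>, log: string[]): ApiClient {
  return {
    async request(method, path, body) {
      log.push(`${method} ${path}`);
      const repo = path.split("/").slice(2, 4).join("/");
      if (!state.has(repo)) return { status: 404 };
      if (method === "GET") return { status: 200, data: { enabled: state.get(repo) } };
      state.set(repo, body?.enabled ?? false);
      return { status: 204 }; // same answer whether or not it was already on
    },
  };
}

// Run over a batch and total the calls, to compare with one PUT per repo.
async function enableBatch(client: ApiClient, repos: string[]) {
  const outcomes: Outcome[] = [];
  for (const repo of repos) outcomes.push(await ensureActionsEnabled(client, repo));
  const totalCalls = outcomes.reduce((n, o) => n + o.apiCalls, 0);
  return { outcomes, totalCalls, unconditionalCalls: repos.length };
}
```

For a single setting, checking first never uses fewer calls than an unconditional PUT; what it buys is a record of which repositories actually had their configuration changed.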