Comments (4)
bluekeyes
commented on May 27, 2024
1
If I understand your setup correctly, you are also using private repositories and in this case, remote policies will only work if the remote policy is in a private repository in the same organization as the repository referencing the policy. I think the errors you are seeing (when referencing a policy in a different organization) are expected, but you can set the logging level to debug in the server configuration to enable additional logging.
While it's definitely possible to refactor the code so that the correct organization client is used when fetching policies, I don't think we'll implement this in the near future given other priorities. But we're happy to review PRs if you'd like to try adding it yourself.
from policy-bot.
bluekeyes
commented on May 27, 2024
When you say that "everything is private" do you mean that your GitHub Enterprise instance is in private mode (you must authenticate to see any content) or that all repositories are private (even if you are authenticated, you can only see repositories where you have permission)?
If you are using "private mode", Policy Bot will work fine with remote policies; this is how we run it internally.
If you are using actual private repositories, I believe Policy Bot already supports reading from private repositories in the same organization. I haven't tested this, but the code uses an authenticated organization client when fetching configuration. This requires that the app is enabled for the target repository (or for all repositories in the organization.)
Private repositories in other organizations are not supported. While we could support this if Policy Bot is installed on the target organization, it makes the code more complicated and I'm not sure it is required.
from policy-bot.
NargiT
commented on May 27, 2024
we use it in "private mode" and with "private permission". But we are working in multiple organizations and policy bot is already installed in all of them. This feature is already supported by "has_contributor_in:" that why I though it would not be a problem for remote policy.
In our case we have multiple organizations because we manage a lot of thing automatically and we do not want to mix "developer friendly" repo vs "robot friendly" repo.
Do you think it would be possible to integrate this feature?
from policy-bot.
NargiT
commented on May 27, 2024
Little clarification: https://github.com/palantir/policy-bot#remote-policy-configuration
I am talking about this case
If you are using "private mode", Policy Bot will work fine with remote policies; this is how we run it internally.
Maybe another permission is required ? Is there a way to run policy bot in verbose/debug mode to see this kind of errors ?
from policy-bot.
Related Issues (20)
- Unexpected Failure status check added in shared org HOT 1
- Option to require all changed files be evaluated by a rule HOT 2
- [Feature Request] Merge queue compatibility HOT 3
- Publish linux/arm64 Docker container
- Rule to make it possible to self-approve for certain users HOT 1
- Failure status check on branches not configured HOT 3
- Restrict approvals from the PR contributors even if contributor is not the owner of the PR HOT 2
- Prevent search engines from indexing policy bot... HOT 2
- [Question] default reviewer for non matching rules HOT 2
- How to ignore a user's approval in one team when the user is member of two approval teams? HOT 2
- Policy bot stuck on `Commit hash does not have a pushed date` HOT 29
- Trouble loading policy from repo HOT 2
- Allow '=' as comparison operator HOT 1
- Misleading documentation about file path regular expressions HOT 1
- AppID ENV Variable not respected HOT 2
- Confusing behavior with skipped checks. HOT 5
- Add feature to use request more reviewers than required count in case of random-users HOT 1
- [Question] Approval by teams agregator
- Declarative Testing of Policies HOT 5
- Certain merges can lead to ignored commits during evaluation
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from policy-bot.