diff --git a/README.md b/README.md
index 82521969..ad722639 100644
--- a/README.md
+++ b/README.md
@@ -263,7 +263,7 @@ As seen above, we have two steps. One for a noop deploy, and one for a regular d
 | `unlock_trigger` | `false` | `.unlock` | The string to look for in comments as an IssueOps unlock trigger. Used for unlocking branch deployments. Example: ".unlock" |
 | `help_trigger` | `false` | `.help` | The string to look for in comments as an IssueOps help trigger. Example: ".help" |
 | `lock_info_alias` | `false` | `.wcid` | An alias or shortcut to get details about the current lock (if it exists) Example: ".info" - Hubbers will find the ".wcid" default helpful ("where can I deploy") |
-| `permissions` | `true` | `write,maintain,admin` | The allowed GitHub permissions an actor can have to invoke IssueOps commands - Example: "write,maintain,admin" |
+| `permissions` | `true` | `write,admin` | The allowed GitHub permissions an actor can have to invoke IssueOps commands - Example: "write,admin" |
 | `commit_verification` | `false` | `"false"` | Whether or not to enforce commit verification before a deployment can continue. Default is `"false"`. This input option is excellent to enforce tighter security controls on your deployments. |
 | `param_separator` | `false` | `\|` | The separator to use for parsing parameters in comments in deployment requests. Parameters will are saved as outputs and can be used in subsequent steps - See [Parameters](docs/parameters.md) for additional details |
 | `global_lock_flag` | `false` | `--global` | The flag to pass into the lock command to lock all environments. Example: "--global" |
diff --git a/__tests__/functions/help.test.js b/__tests__/functions/help.test.js
index 85a42f47..c756c7c6 100644
--- a/__tests__/functions/help.test.js
+++ b/__tests__/functions/help.test.js
@@ -44,7 +44,7 @@ const defaultInputs = {
 skipReviews: '',
 draft_permitted_targets: '',
 admins: 'false',
- permissions: ['write', 'admin', 'maintain'],
+ permissions: ['write', 'admin'],
 allow_sha_deployments: false,
 checks: 'all',
 commit_verification: true,
@@ -83,7 +83,7 @@ test('successfully calls help with non-defaults', async () => {
 skipReviews: 'development',
 draft_permitted_targets: 'development',
 admins: 'monalisa',
- permissions: ['write', 'admin', 'maintain'],
+ permissions: ['write', 'admin'],
 allow_sha_deployments: true,
 checks: ['test,build,security'],
 ignored_checks: ['lint', 'format'],
@@ -121,7 +121,7 @@ test('successfully calls help with non-defaults again', async () => {
 skipReviews: 'development',
 draft_permitted_targets: 'development',
 admins: 'monalisa',
- permissions: ['write', 'admin', 'maintain'],
+ permissions: ['write', 'admin'],
 allow_sha_deployments: false,
 checks: 'required',
 ignored_checks: ['lint'],
@@ -171,7 +171,7 @@ test('successfully calls help with non-defaults and unknown update_branch settin
 skipReviews: 'development',
 draft_permitted_targets: 'development',
 admins: 'monalisa',
- permissions: ['write', 'admin', 'maintain'],
+ permissions: ['write', 'admin'],
 allow_sha_deployments: false,
 checks: 'required',
 ignored_checks: ['lint'],
diff --git a/__tests__/functions/prechecks.test.js b/__tests__/functions/prechecks.test.js
index cf826dca..31a38864 100644
--- a/__tests__/functions/prechecks.test.js
+++ b/__tests__/functions/prechecks.test.js
@@ -25,7 +25,7 @@ beforeEach(() => {
 jest.spyOn(core, 'warning').mockImplementation(() => {})
 jest.spyOn(core, 'setOutput').mockImplementation(() => {})
 jest.spyOn(core, 'saveState').mockImplementation(() => {})
- process.env.INPUT_PERMISSIONS = 'admin,write,maintain'
+ process.env.INPUT_PERMISSIONS = 'admin,write'
 baseCommitWithOid = {
 nodes: [
@@ -57,7 +57,7 @@ beforeEach(() => {
 skipReviews: '',
 draft_permitted_targets: '',
 checks: 'all',
- permissions: ['admin', 'write', 'maintain'],
+ permissions: ['admin', 'write'],
 commit_verification: false,
 ignored_checks: []
 }
@@ -857,7 +857,7 @@ test('runs prechecks and fails due to bad user permissions', async () => {
 .mockReturnValueOnce({data: {permission: 'read'}, status: 200})
 expect(await prechecks(context, octokit, data)).toStrictEqual({
 message:
- '👋 @monalisa, that command requires the following permission(s): `admin/write/maintain`\n\nYour current permissions: `read`',
+ '👋 @monalisa, that command requires the following permission(s): `admin/write`\n\nYour current permissions: `read`',
 status: false
 })
 })
diff --git a/__tests__/functions/valid-permissions.test.js b/__tests__/functions/valid-permissions.test.js
index c76433f6..bd8f14a7 100644
--- a/__tests__/functions/valid-permissions.test.js
+++ b/__tests__/functions/valid-permissions.test.js
@@ -5,12 +5,12 @@ const setOutputMock = jest.spyOn(core, 'setOutput')
 var octokit
 var context
-var permissions = ['write', 'maintain', 'admin']
+var permissions = ['write', 'admin']
 beforeEach(() => {
 jest.clearAllMocks()
 jest.spyOn(core, 'setOutput').mockImplementation(() => {})
- process.env.INPUT_PERMISSIONS = 'write,maintain,admin'
+ process.env.INPUT_PERMISSIONS = 'write,admin'
 context = {
 actor: 'monalisa'
@@ -46,7 +46,7 @@ test('determines that a user has does not valid permissions to invoke the Action
 })
 expect(await validPermissions(octokit, context, permissions)).toEqual(
- '👋 @monalisa, that command requires the following permission(s): `write/maintain/admin`\n\nYour current permissions: `read`'
+ '👋 @monalisa, that command requires the following permission(s): `write/admin`\n\nYour current permissions: `read`'
 )
 expect(setOutputMock).toHaveBeenCalledWith('actor', 'monalisa')
 })
diff --git a/action.yml b/action.yml
index 01c334f9..4dc82fc3 100644
--- a/action.yml
+++ b/action.yml
@@ -66,9 +66,9 @@ inputs:
 required: false
 default: ".wcid"
 permissions:
- description: 'The allowed GitHub permissions an actor can have to invoke IssueOps commands - Example: "write,maintain,admin"'
+ description: 'The allowed GitHub permissions an actor can have to invoke IssueOps commands - Example: "write,admin"'
 required: true
- default: "write,maintain,admin"
+ default: "write,admin"
 commit_verification:
 description: 'Whether or not to enforce commit verification before a deployment can continue. Default is "false"'
 required: false
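Review bot: The `permissions` description in `action.yml` still does not say which values the gate can actually match, so a reader cannot tell whether the new default `"write,admin"` locks out maintainers or only drops a value that never matched. The tests in this commit mock the lookup as `data.permission`, which suggests the action compares against GitHub's collaborator permission level; that field reports only `admin`, `write`, `read` or `none`, with the maintain role shown as `write` — worth confirming against the implementation, which is not in this diff. If that holds, I would extend the description to `... - Example: "write,admin" (matched against the collaborator permission level; the maintain role is reported as write)`. A test in `valid-permissions.test.js` that mocks a maintainer's response and asserts it is still authorized would pin the intended access boundary.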