Adds event hooks that a company can extend when a link is created
or unlinked.
We are using this with our custom Kusto/Azure Data Explorer
integration where we are more actively ingesting changes to
link data.
To support newer scenarios that are Microsoft-specific for automating
some types of team membership, this adds new extension points to
evaluate team join request conditions sooner in the middleware and
pipeline.
Also augments the JSON for client APIs about the team(s) to allow
inserting company-specific configuration or state into those responses.
- Removes CENTRAL_OPERATIONS_TOKEN
- System teams - open access
  - adds open access concept, which is a broad access team anyone in the org can join without approval
  - open access teams are not recommended the same way as broad access teams during new repo setup
- TypeScript: prefer types to interfaces
- GitHub Apps and REST APIs:
  - Simplifying bound function calls
  - Relocated app and token management files
  - Improves types for header/tokens
  - Allow custom app purposes to retrieve app token instances
  - Custom app purpose debug display fix
  - PAT/app token type identification helper method
  - Collections now expose "collectAllPages" and "collectAllPagesViaHttpGet" to move specific code out of the file
  - Fix for custom apps initialized after startup
- Custom Properties Beta support
- Client APIs remain behind the session middleware
- Non-client APIs no longer set cookies given their stateless nature
- Simplifies the directory structure
- Removes Microsoft-specific API configuration and code not useful to the OSS version
Expands the custom app support to enable new purposes that are tied
to the settings system. We use this at Microsoft to enable specific
one-off apps with unique identities to work across specific purposes.
Integrates multiple changes from an internal fork to the open project:
- Strongly typing basic organization properties and flags
- Specialized app purposes
- Organization annotations
- Repo unarchive
- Configuration resolver supports dates
- Configuration resolver supporting above-root .env over env vars for Codespaces
- Initialization routine adds support for an optional company-specific secondary stage
- Supports flighting a second React frontend for specific or all users
- Most basic organization APIs support managed and unmanaged orgs for org details
Updates the open source project to reflect the recent updates
around continuing to make it easier to build in parallel and have
company-specific updates without impacting the upstream as much.
This is a batch of updates, including package version improvements.
- Axios: the library has gone through some growing pains for TypeScript
users. While the library no longer returns "unknown" for response types,
designed to encourage safe known casting, we do a lot of "cast as any" now,
and will improve in the future.
- Additional company-specific extension points around authentication
- Additional auth token types for just-in-time
- Cleanup of Passport routing. This could be breaking for anyone who has
taken the time to hack other Passport providers on top, so interested to
learn if anyone has (for example, the old Google integration as an auth provider
over AAD)
- Improved new repository lockdown experience
  - Supports swapping description and website URL for repos temporarily until approval
  - Supports an initial README commit directing people to the setup experience, if there are no commits yet
  - Directly created repos become private immediately but retain access for the initial creator of the repo with read permission
- Removes new repository branch rename feature (GitHub natively supports org-level and enterprise-level custom defaults now)
- Removes 'uuid' dependency to favor newer Node LTS 14+ crypto.randomUUID
- App and job configuration object replaces "treatGitHubAppAsBackground" with "enableAllGitHubApps"
- Table encryption bug fix when pulling from key vault
- Chore: updates NPM dependencies
- Removes antiquated Azure Storage and table SDKs
- Removes dependency on painless-config-resolver (which is now inline inside the project and adopts the latest Azure SDK for KeyVault)
- Adds company-specific unlink and link mail template overrides
- Adds new unlink notification mail to people who remove themselves, or are removed
- Updates more legacy functions from callbacks to more modern equivalents
- Removes unused reports "data lake" storage methods
- Removes moment timezone library
- System administrator data can now alternatively come from security groups instead of hard-coded configuration
Breaking changes
- Removes painless-config support. .env and environment/container env methods only. If you have a JSON env file, update it to a .env-compatible format for local development use.
- Changes JSON paging APIs to be zero-based indexes
- Additional optional security app configuration
- Fixes a minor configuration issue
- Adds a more robust "RepositoryEntity" that is not used in the site, but by jobs or data systems
- Updated deps
- Graph provider adds a "get direct reports" method
Removing explicit casts from req.app.settings.providers and using
a function.
Switching from Mocha (which was mostly unused) to Jest.
Moving around type definitions and interfaces in a big way to try
and cleanup some legacy.
This is a set of changes that is still stabilizing. Code churn around modernization
could impact company-specific implementations.
Interim refactoring as part of a GitHub Enterprise prototype. Please avoid using or extending, or open an issue in the repo if you are to discuss what should stay vs get yanked.
- introduces a temporary OperationsCore class and a nearly-empty typed interface for operations
- these types will reduce or be removed once the prototype is validated
- "capabilities" allow for partial implementation of operations methods in the prototype
- custom mail provider
- additional view properties or recipients for new repos
- additional non-client API routes
- custom view names in certain places
- ability to process firehose events optionally in a separate codepath
- removes Microsoft-specific mail provider from the project
- fixes a startup race condition
- more interfaces and types exported down the tree to reduce import statements
- additional insights and reduced error logging for valid not found scenarios
- graph manager removes old callback code and interfaces have minor **breaking renames** as a result
- moves some email-sending functions into independent files to reduce core class line count
- ignored catches replaced with telemetry more consistently (partial)
- graph provider adds optional caching (note: this is not yet stable)
- webhook firehose will only attempt deleting messages once
- latest Octokit versions
- uses reusable functions throughout GitHub API calls for max age seconds, background refresh, page size variables
- fixes a bug around app header selection for cross-organization calls
- attempts to use GitHub App authentication instead of central operations token in more places
- supports alternate GitHub REST API locations for app authentication and the API itself
- new GitHub APIs integrated into business classes: get repository issues
- removes request module family, adopting axios
Supports using security groups for portal sudo permissions
instead of the primary GitHub org's sudo configuration, if
present.
Breaking feature change:
This feature is not enabled by default and must use a feature flag
to opt-in.
The feature flag is "FEATURE_FLAG_ALLOW_PORTAL_SUDO".
The standard behavior, when the flag is enabled, is still to use
the first org. Alternatively, configuration and a SG ID can be provided.
Adds support for organization sudo privileges to flow from
security groups instead of from GitHub Teams as the source of
truth.
Sudo remains on by default and configured for teams.
Also provides for company-specific overrides if you have a
different system for authorization decisions that is not part
of the default kit.
This significant pull request patches the open source project with a number
of updates from inside Microsoft as part of connecting an automated publishing
process to keep the public version up-to-date and buildable.
We are also removing Microsoft-specific endpoints and APIs when easy enough to
do, and adding a "company-specific" extension model to try as we go about this.