Properly checks for team membership using the native
Microsoft Graph membership check that is targeted. The
original implementation, built on top of retrieving the
full list of security group members, does not scale for
large teams and was never intended to stick as the
"is in group" check.
Updates the Microsoft Graph client to allow for configurable
cache options at call time. Also in some methods such as getting
the members of a team, improves types, allows for direct or
transitive membership.
Integrates multiple changes from an internal fork to the open project:
- Strongly typing basic organization properties and flags
- Specialized app purposes
- Organization annotations
- Repo unarchive
- Configuration resolver supports dates
- Configuration resolver supporting above-root .env over env vars for Codespaces
- Initialization routine adds support for an optional company-specific secondary stage
- Supports flighting a second React frontend for specific or all users
- Most basic organization APIs support managed and unmanaged orgs for org details
Updates the open source project to reflect the recent updates
around continuing to make it easier to build in paralell and have
company-specific updates without impacting the upstream as much.
This is a batch of updates, including package version improvements.
- Axios: the library has gone through some growing pains for TypeScript
users. While the library no longer returns "unknown" for response types,
designed to encourage safe known casting, we do a lot of "cast as any" now,
and will improve in the future.
- Additional company-specific extension points around authentication
- Additional auth token types for just-in-time
- Cleanup of Passport routing. This could be breaking for anyone who has
taken the time to hack other Passport providers on top, so interested to
learn if anyone has (for example, the old Google integration as an auth provider
over AAD)
- Changes JSON paging APIs to be zero-based indexes
- Additional optional security app configuration
- Fixes a minor configuration issue
- Adds a more robust "RepositoryEntity" that is not used in the site, but by jobs or data systems
- Updated deps
- Graph provider adds a "get direct reports" method
Removing explicit casts from req.app.settings.providers and using
a function.
Switching from Mocha (which was mostly unused) to Jest.
Moving around type definitions and interfaces in a big way to try
and cleanup some legacy.
This is a set of changes that is still stabalizing. Code churn around modernization
could impact company-specific implementations.
interim refactoring as part of a GitHub Enterprise prototype. please avoid using or extending or open an issue in the repo if you are to discuss what should stay vs get yanked.
- introduces a temporary OperationsCore class and a nearly-empty typed interface for operations
- these types will reduce or be removed once the prototype is validated
- "capabilities" allow for partial implementation of operations methods in the prototype
- custom mail provider
- additional view properties or recipients for new repos
- additional non-client API routes
- custom view names in certain places
- ability to process firehose events optionally in a separate codepath
- removes Microsoft-specific mail provider from the project
- fixes a startup race condition
- more interfaces and types exported down the tree to reduce import statements
- additional insights and reduced error logging for valid not found scenarios
- graph manager removes old callback code and interfaces have minor **breaking renames** as a result
- moves some email-sending functions into independent files to reduce core class line count
- ignored catches replaced with telemetry more consistently (partial)
- graph provider adds optional caching (note: this is not yet stable)
- webhook firehose will only attempt deleting messages once
- latest Octokit versions
- uses reusable functions throughout GitHub API calls for max age seconds, background refresh, page size variables
- fixes a bug around app header selection for cross-organization calls
- attempts to use GitHub App authentication instead of central operations token in more places
- supports alternate GitHub REST API locations for app authentication and the API itself
- new GitHub APIs integrated into business classes: get repository issues
- removes request module family, adopting axios
Adds support for organization sudo privileges to flow from
security groups instead of from GitHub Teams as the source of
truth.
Sudo remains on by default and configured for teams.
Also provides for company-specific overrides if you have a
different system for authorization decisions that is not part
of the default kit.
This significant pull request patches the open source project with a number
of updates from inside Microsoft as part of connecting an automated publishing
process to keep the public version up-to-date and buildable.
We are also removing Microsoft-specific endpoints and APIs when easy enough to
do, and adding a "company-specific" extension model to try as we go about this.
- Removes legacy "Witness Redis" code that was a Microsoft-internal thing
- Refactors Mail Address Provider for function signatures with a Promise, no callbacks
- Refactors Microsoft Mail Address Provider to use the Graph Provider for mail lookup instead of the legacy Redis system
- Minor chores on updating some imports, default export module functions
- Web server listen routine happens sooner during startup to better land Kubernetes readiness and liveness probes
During the month of May and June, we forked this application internally
as part of a specific set of temporary changes. To converge once again
with the open source version and make it easier to collaborate with others,
this brings the latest changes up.
There is a need to refactor and feature flag the service account piece into
the newer experience as new debt.
If a manager is known for an employee, we will also notify
the manager via a carbon copy on e-mails related to new repos,
locked forks, or newly created repos that still need classification.
As a quick change, this does not add a feature flag to enable or disable
this; however, if a manager is not known via the corporate contacts or
cached employee information system, there will be no error.
- Enables GitHub App-based server-to-server communication
- Enables dynamic (database-backed) organization setting configuration
- QueryCache system, when paired with a Postgres database and GitHub App webhooks keeps teams, repo lists, etc. up-to-date more efficiently than the older GitHub REST API-based method
- Various bug fixes
- Entities (links, join requests, repo metadata) refactored
- Entities can be stored in Postgres, Azure Table, or memory
- Introduces a quickstart memory provider mode
- Evolution of more classes and methods to ES6, await/async, TypeScript typings
- Updates of package versions
Major updates to the application, including some minor breaking changes.
The public updates (that make it less Microsoft-specific) are still in
development; this represents trying to get it ready for updates.
Jeff Wilcox
Nick Schonning
Jeff Wilcox
Joey Wilhelm
Jeff Wilcox
Jeff Wilcox