Feature/922 make permissions configurable for custom workflows#923
Feature/922 make permissions configurable for custom workflows#923ArBridgeman wants to merge 25 commits into
Conversation
10e54e9 to
3b03bca
Compare
… be handled separately
- This is already present in the CLI of the nox sessions workflow:check and workflow:generate - This is already required by the WorkflowOrchestrator which is a pydantic model which restricts WorkflowChoice and hard-code maps it to the right values.
1eae0d1 to
69e8d14
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 69e8d1492a
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
…r_custom_workflows
| Custom Workflow Metadata | ||
| ^^^^^^^^^^^^^^^^^^^^^^^^ | ||
|
|
||
| The PTB extracts metadata from reusable custom workflow files and exposes it |
There was a problem hiding this comment.
I like the general and technical description.
Could we, for more straight-forward and impatient users, add a small section with concrete instructions?
- What do I need to do?
- When? (In which Scenario / Use Case / Problem)
- Example, maybe a pointer to one of the PTB's workflow templates illustrating the usage?
There was a problem hiding this comment.
I think for impatient users they can use codex to summarize what's already there.
There really isn't in my opinion too much text.
Each section already has an example showing what to do.
| (% if custom_workflows["merge-gate"].permissions %) | ||
| permissions: | ||
| contents: read | ||
| (% for permission_name, permission_level in custom_workflows["merge-gate"].permissions.items() %) |
There was a problem hiding this comment.
As this pattern repeats 3-4 times - would it make sense to move the functionality into an API function
and in the jinja template only have a call like this (not sure if this is possible)?:
(% workflow_permissions("merge-gate") %)There was a problem hiding this comment.
I implemented this separately for secrets being passed and permissions.
| raise ValueError(f"Unknown GitHub permission level: {value!r}") | ||
|
|
||
|
|
||
| def merge_permissions(permission_maps: list[dict[str, str]]) -> dict[str, str]: |
There was a problem hiding this comment.
I think I can get the goal of the implementation, but my stomach says there must be a simpler, shorter way.
How about this approach?
Permissions: TypeAlias = dict[str, str]
"""
Each permission is defined by a name as it key and a value, which is
either None, or "read" or "write".
"""
def merge_permissions(permission_maps: list[Permissions]) -> Permissions:
"""Merge permission maps to keep the greater permission."""
rank = {None: 0, "read": 1, "write": 2}
result = {}
def max_permission(perm: str, value: str) -> str:
current = result.get(perm)
return value if rank[value] > rank[current] else current
for other in permission_maps:
result |= {p: max_permission(p, v) for p, v in other.items()}
return resultNo enum required, < 70% characters, tests still green.
There was a problem hiding this comment.
Ok, I removed the enum and simplified it.
fa2b11c to
3663d2b
Compare
|




closes #922
Checklist
Note: If any of the items in the checklist are not relevant to your PR, just check the box.
For any Pull Request
Is the following correct:
When Changes Were Made
Did you:
When Preparing a Release
Have you: