Closed Bug 1957137 Opened 21 days ago Closed 21 days ago

Assess use of external addon CodeCov for a private repo in Mozilla's GitHub organization mozilla/mozilla-services

Categories

(mozilla.org :: Github: Administration, task)

Product:
mozilla.org
Component:
Github: Administration
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: cgramberg, Assigned: cknowles)

Details

I want to use the CodeCov App in mozilla-services/consvc_shepherd for the following reasons:

I'd like to be able to use the browser extension to see line level coverage in diffs as seen here

The application is enabled for mozilla-services already but I want to double check that it is okay to enable it for a private repo. I don't have access to see any notes in the bug linked here where this was approved.

I found this ticket where the app was approved for this repo but it was actually public at the time.

Below are my answers to your stock questions:

** Which repositories do you want to have access? (all or list)
https://github.com/mozilla-services/consvc-shepherd

** Are any of those repositories private?
Yes

** Provide link to vendor's description of permissions needed and why, or general documentation link for either the app or action

When I move through the flow on github to enable this app it asks for these permissions:

  • Read access to administration, code, issues, members, and metadata
  • Read and write access to checks, commit statuses, and pull requests

** If an app - please provide the Install link

I think this, but it is actually already installed: https://github.com/apps/codecov

NOTE

Think of this as you would any 3rd party source inclusion into a shipping product, including all the considerations here.

Please let me know if you need other information!

CodeCov is generally approved per our security folk - https://github.com/MoCo-GHE-Admin/Approved-GHE-add-ons/blob/main/Applications/codecov.md

Since you're an admin of the repo - that's all the approvals I need (you, and security)

I've enabled it on the GitHub side - you should be able to see it https://github.com/mozilla-services/consvc-shepherd/settings/installations

Let me know if you need anything else.

Assignee: nobody → cknowles
Status: NEW → RESOLVED
Closed: 21 days ago
Resolution: --- → FIXED

Great! I appreciate it!

You need to log in before you can comment on or make changes to this bug.