Skip to content

adding hub-sync feature code#873

Draft
jefeish wants to merge 39 commits into
main-enterprisefrom
feature/hub-sync
Draft

adding hub-sync feature code#873
jefeish wants to merge 39 commits into
main-enterprisefrom
feature/hub-sync

Conversation

@jefeish

@jefeish jefeish commented Aug 28, 2025

Copy link
Copy Markdown
Contributor

This pull request introduces a new "Safe Settings Hub Sync" feature for centralized configuration management across multiple organizations.
The main changes include:

  • adding a hub‑and‑spoke synchronization handler,
  • updating environment/configuration files
  • introducing a new installation cache for efficient GitHub App installation lookups.
  • adding a dashboard ui
Comment thread lib/hubSyncHandler.js Fixed
Comment thread lib/routes.js Fixed
Comment thread ui/src/app/components/EnvVariables.jsx Fixed
Comment thread ui/src/app/components/OrganizationsTable.jsx Fixed
Comment thread ui/src/app/components/Safe-settings-hubContent.jsx Fixed
Comment thread ui/src/app/components/Safe-settings-hubContent.jsx Fixed
Comment thread ui/src/app/components/ThemeToggle.jsx Fixed
Comment thread lib/hubSyncHandler.js Fixed
Comment thread lib/hubSyncHandler.js Fixed
Comment thread lib/hubSyncHandler.js Fixed
Comment thread lib/routes.js Fixed
Comment thread lib/routes.js Fixed
Comment thread ui/src/app/components/Safe-settings-hubContent.jsx Fixed
Comment thread ui/src/app/components/Safe-settings-hubContent.jsx Fixed
Comment thread ui/src/app/components/Safe-settings-hubContent.jsx Fixed
Comment thread ui/src/app/components/Safe-settings-hubContent.jsx Fixed
Comment thread ui/src/app/dashboard/help/page.jsx Fixed
jefeish and others added 25 commits September 24, 2025 15:19
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
- Introduced a new "disable_plugins" property in the settings schema to allow disabling specific plugins at various configuration layers.
- Each entry can be a plugin name or an object specifying the plugin and its target layer (self, children, all).
- Updated smoke-test.js to include interactive mode for manual validation during test phases.
- Implemented new test cases for the disable_plugins feature, covering normalization, strip map computation, and integration with updateOrg and updateRepos functions.
- Added tests to ensure proper handling of valid and invalid disable_plugins configurations.
…nds survive

Without action.msg in the dedup key, multiple disable_plugins NopCommands
for the same repo (e.g. skipping 'labels' AND 'teams') all share the same
type+repo+plugin+endpoint key and only the first one survives, silently
dropping the rest from the PR comment and check-run output.

Adding action.msg to the key ensures each unique informational message
is retained while still deduplicating exact duplicates.

Also adds test 27 to cover this case.
- Introduced `additive_plugins` configuration to allow specific Diffable plugins to run in additive mode, preserving existing entries on GitHub.
- Updated `normalizeAdditivePlugins` method to validate and return a set of valid plugin names for additive mode.
- Modified `childPluginsList` to include section names for better tracking of additive flags.
- Enhanced existing tests to cover new functionality, ensuring proper behavior of plugins in additive mode.
- Added integration tests to verify that plugins behave correctly when configured with additive_plugins.
- Created a new environment file for webhook proxy configuration.
- Removed unnecessary comments and streamlined the constructor to enforce uppercase variable names.
- Simplified the `find` method to directly return the required variable data.
- Updated the `changed` method to directly compare values without additional sorting logic.
- Refactored `update`, `add`, and `remove` methods to return NopCommand instances when `nop` is true, preventing actual API calls.
- Enhanced unit tests to cover new NopCommand behavior and ensure proper functionality of the Variables plugin.
- Introduced phase 13 in smoke tests to validate variable creation, updating, and removal in repository settings.
- Added support for phase filtering in smoke tests to allow targeted execution of specific phases.
decyjphr and others added 11 commits June 7, 2026 17:35
Generate safe-settings YAML from existing GitHub configuration for a repo,
org, or custom-property-based suborg.

- lib/settingsGenerator.js: extraction engine reusing each plugin's find()
  to read current state and produce config/YAML, with cross-repo
  intersection for suborg generation.
- generate-settings.js: standalone CLI that writes generated YAML to the
  local filesystem (.sample.yml unless --overwrite); loads .env manually.
- index.js + app.yml: repository_dispatch (safe-settings-generate) handler
  that always opens a PR against the admin repo (never commits to the
  default branch directly).
- Suborg files are named suborgs/<name>_<value>.yml.
- README: document generator usage and the PR-only guarantee.
- Unit tests for the generator (25 tests).
- Added support for custom repository roles in smoke-test.js, including creation, deletion, and retrieval functions.
- Implemented new ruleset management functions for organizations and repositories.
- Updated smoke tests to validate the behavior of custom repository roles and rulesets under various scenarios.
- Enhanced existing tests to ensure proper handling of additive and disabled plugins for custom repository roles and rulesets.
- Introduced new test cases to cover scenarios where suborg configurations change and their impact on repository rulesets.
- Improved error handling and logging for better traceability during tests.
When a suborg.yml file changes its targeting rules (suborgrepos,
suborgteams, or suborgproperties), repos that no longer match the
updated targeting were not having their suborg-applied settings
(e.g. rulesets) removed. This happened because getSubOrgConfigs()
only resolves the new targeting, and repos not in the new targeting
were skipped in updateRepos().

Fix: Load the previous version of changed suborg config files from
the base ref (payload.before for push events, pull_request.base.ref
for PR/NOP mode), resolve which repos were previously targeted,
compare with current targeting, and process removed repos so
diffable's sync() detects and removes orphaned rulesets.

Changes:
- index.js: Pass payload.after/payload.before as ref/baseRef to
  syncSelectedSettings in push handler
- lib/settings.js: Add getReposRemovedFromSubOrgTargeting() method
  that compares old vs new targeting to find removed repos
- lib/settings.js: Add loadYamlFromRef() helper to load config
  from a specific git ref without cache interference
- lib/settings.js: Update syncSelectedRepos to accept baseRef,
  identify removed repos, and process them before the suborg loop
- test/unit/lib/settings.test.js: Add tests for targeting removal

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

3 participants