How do you make Test and Code Coverage publicly available - azure-devops

How do you make Test and Code Coverage from Azure DevOps publicly available, so (anonymous, without an MSDN account) users can see the results without having to have an account on your organization? I tried fiddling with the "Readers" settings within Azure DevOps but no luck. Typically, when users don't have an account the Code Coverage will load indefinitely and the Test tab is not shown.
Question 2: how can I provide a direct link (URL) to my latest code coverage for a specific build definition? Using Shields.io I was able to get a badge for the code coverage, but I would also like to provide a direct link to the report.
shields.io link to badge: https://img.shields.io/azure-devops/coverage/OffTheRecordv4/OTRv4/1
This is the project:
https://dev.azure.com/OffTheRecordv4/OTRv4/_build?definitionId=1&_a=summary
and the shields.io badge can be viewed here:
https://github.com/southernsun/otr
when logged in:
When logged out (spinning wheel never stops and nothing loads):
Thanks!
UPDATE
I created a feature request, feel free to support the request: https://developercommunity.visualstudio.com/idea/1069707/allow-code-coverage-and-test-plan-tabs-accessible.html

According to your description, you are working with a public project. A public project allows non-members of a project and users who aren't signed in read-only, limited access to the project's artifacts and services. Check the following table:
To contribute to a public project, you must be added as a member of that project and assigned either Stakeholder, Basic, or Basic + Test Plans access. The access level determines the user interfaces you can access. If you want users to access Test, you would need to assign Basic + Test Plans access to them.
Regarding how to get code coverage link, you may try Code Coverage - Get Build Code Coverage API, which would give you codeCoverageFileUrl in response.

Related

Trying to retrieve GitHub "Code Scanning" is enabled or not (GitHub API)

I am working on a GitHub automation using GitHub APIs. As a part of this automation, I want to get the status of "Code Scanning".
https://api.github.com/repos/{Org}/{repo}/code-scanning/analyses
I have tried with the above API endpoint, but it's not telling me whether code scanning is enabled or not. It's only retrieving the executions of code scanning. Therefore, if a user enabled code scanning and then disabled it, the above endpoint will retrieve a result set for previous executions.
I checked the GraphQL documentation as well, but I couldn't find any resource to retrieve this. Following is the field I want to retrieve using an API call.
GitHub code scanning field

How to create a comment with data from endpoint?

At my company, we have a CLI which allows our customers to upload data to our backend solution. The CLI runs on PR changes within a job. Let's assume the uploaded data looks like this:
{
name: "John",
age: 20,
}
Once the upload is completed, I'd like to create a comment on the PR with the following body:
John is 20 years old.
I've found the following ways to do this:
GitHub App (a bot)
GitHub OAuth App
Personal Access Token
GITHUB_TOKEN
GitHub App
The GitHub App needs to do the following things:
Fetch the data via a user-specific API key
Create a comment
I already created a comment via a bot, but I have no clue how to fetch the data.
As far as my understanding goes, I'd like other users to be able to install this GitHub app from the marketplace to work out of the box. From the ProBot Docs I understand that the bot operates on a webhook basis. Meaning I need to subscribe to a 'job completed' event (not sure if that's the correct name but I think you get the idea) and then fetch the data via a user-specific API we are providing on our platform. However, I see no way for the user of our App to configure an API key (or any form of secret) so the bot can make authenticated requests to our endpoints.
I'd prefer to use GitHub App because the comment coming from the bot would have our company branding and also an indicator that this comment has been created by the integration.
OAuth App
I already tested this by using Postman, however, the comment looks like it's coming from a specific user. Therefore, it has no company branding and it's not clear that an integration created the comment. However, the great part is that we could integrate this with our application, so our backend could create the comment once the data is received.
What I like about this approach is that we also need to implement such a feature for GitLab, Azure, etc, and using OAuth likely scales well with the other providers in comparison to the GitHub app, which is GitHub-specific.
Personal Access Token
Works pretty much like the OAuth App, but instead of our backend creating the comment, the comment is created by the CLI (and the access token is passed into the CLI). However, I think this approach is a bit sketchy.
GITHUB_TOKEN
While I haven't tried this yet, I assume that the token has limited but sufficient permissions to create a comment. As of now, I don't know what the comment will look like, but I think we can rather safely pass this into the CLI to create the comment from there. Since the permissions are limited and the token is invalidated after the workflow I see limited risk for the user of our CLI (and services).
Edit: The comment is coming from the github-actions bot, which is not the branding we are looking for, but it's clear that the comment has been created by the integration.
Questions
What's the best way to accomplish what I am trying?
Is there any way I can make this work with GitHub Apps (aka bots)?

How to check if a user can create a repository in a GitHub organization via the REST API

I am writing a GitHub App that is able to create repositories in an installation.
When the App acts on behalf of an authenticated user, I would like to check that the user can (by themselves) create a repository in the org.
I have spent a lot of time on GitHub's API docs, but I cannot find the answer.
My first thought was that this info should be available in the endpoint /user/installations. The endpoint lists the installations that the user can access (either as a member of an organization or as an external collaborator). However, the permissions returned with each entry are actually the permissions for the App, not for the user. So, this is a dead end.
Another direction was looking at the (public+private) organizations of the user using /user/orgs.
(This does not seem the right direction because as an App I would expect to operate only on installations...)
With this endpoint, I can get all the organizations of the user. However, I don't get whether they can create repos and/or what the role of the user is in the organization.
Should I use the teams/roles part of the API?
My App doesn't ask for the members suite of permissions so I would like to avoid this road.
At this point, the only workarounds are:
Try to create the repo as the user, take note if it fails. Bad solution because I don't want to tell the user that they can create a repo if they can't.
In the background, try to create a repo as the user to check if it is possible. If it is, delete the repo. This works but it seems an ugly workaround.
Any suggestion?

Github permissions

We've set up a GitHub App so that it automatically forks a repository for another individual GitHub user using the GitHub API. Now we're running into a problem that not everyone wants to give us full read access to all of their private repositories since sometimes they contain sensitive data.
Is there a way to only get read/write permission to a single repository and not the individual's entire account?
Unfortunately, this is not available yet. This feature is still under development as you can see in the GitHub Apps roadmap (and note that I am talking about GitHub Apps, not OAuth GitHub Apps). I don't know if this will ever be possible in OAuth Apps but it seems that it might in GitHub Apps.
There is already a discussion about this at the dear github repository. You should check for news there.
Is there a way to only get read/write permission to a single repository and not the individual's entire account?
Not that I know of: it is easier to set up a new dedicated GitHub account where you would recreate the private repos you want to give access to.
In that new account, you can consider all the private repos can be accessed.
You would keep the really private ones (with sensitive information) in your original GitHub account.
I believe you're looking for X-OAuth-Scopes. This is a well-defined header so that you may restrict your access scope to, for example, public repositories only.
The GitHub developer documentation here says:
... space-delimited list of scopes. If not provided, scope defaults to an empty list for users that have not authorized any scopes for the application. For users who have authorized scopes for the application, the user won't be shown the OAuth authorization page with the list of scopes. Instead, this step of the flow will automatically complete with the set of scopes the user has authorized for the application. For example, if a user has already performed the web flow twice and has authorized one token with user scope and another token with repo scope, a third web flow that does not provide a scope will receive a token with user and repo scope.
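An added example, not part of the answers above and not GitHub's own code: GitHub returns X-OAuth-Scopes as a response header listing the scopes an OAuth token was granted, so an integration can audit a token against what it actually needs. The header values are constructed samples; the function names, the partial IMPLIED map and the choice of which scopes count as private-repository access are assumptions of this example.

```python
"""Audit the scopes a GitHub OAuth token carries, from API response headers."""

# Parent scopes and the narrower scopes they include (partial list, assumption:
# only the repo and user families matter for this integration).
IMPLIED = {
    "repo": {"public_repo", "repo:status", "repo_deployment",
             "repo:invite", "security_events"},
    "user": {"read:user", "user:email", "user:follow"},
}
# Scopes that reach private repositories.
PRIVATE_REPO_SCOPES = {"repo"}


def parse_scopes(header_value):
    """Split a comma-separated scope header into a set of scope names."""
    if not header_value:
        return set()
    return {s.strip() for s in header_value.split(",") if s.strip()}


def audit_token(headers, needed):
    """Compare the scopes a token was granted with the scopes actually needed."""
    # HTTP header names are case-insensitive; normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    granted = parse_scopes(lowered.get("x-oauth-scopes"))
    effective = set(granted)
    for scope in granted:
        effective |= IMPLIED.get(scope, set())
    return {
        "granted": granted,
        "missing": needed - effective,   # needed but not covered by the token
        "excess": granted - needed,      # granted beyond what is needed
        "private_repo_access": bool(granted & PRIVATE_REPO_SCOPES),
    }


# Constructed sample headers (not captured from a real account).
BROAD = {"X-OAuth-Scopes": "repo, user"}
NARROW = {"X-OAuth-Scopes": "public_repo"}

if __name__ == "__main__":
    for name, hdrs in (("broad", BROAD), ("narrow", NARROW)):
        print(name, audit_token(hdrs, {"public_repo"}))
```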

Transactions/Identity API must be enabled before using

I have been trying to enable the streamlined identity flow for google-actions. I have also set up a mocked Authorisation flow. I edited the fields in the actions console but I keep getting this error:
expected_inputs[0].possible_intents[0]: Transactions/Identity API must be enabled before using.
I have tried from the simulator, from my phone, sandbox on and off, I still don't see what I need to activate to make it work.
You don't have to use the Transactions API to enable streamlined account linking; you need it only to use mid-dialog account linking (AskForSignIn).
To test streamlined account linking without transactions API, you'll need to go to API.AI and select account linking required at the welcome intent. Learn more here.
It's probably because you have not updated the action package. Check if the information in the account linking is identical to that of your action package.