You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There seems to be another problem with the rule, which is the following:
The profile correctly "fails" when a Triage GHSA is created, but never recovers from it if that exact GHSA is "closed" or accepted into "draft". Just to make it clear, there are 4 states a GHSA can be in: "triage", "draft", "published" and "closed". The ones that send a GitHub webhook event are "triage (reported)" and "published". The other two, do not.
Due to this, we don't bring the profile back to "Success" once a GHSA in "triage" is transferred to "closed" or accepted as a "draft", only when it's "published".
In https://github.com/stacklok/minder-rules-and-profiles/pull/72 the rule was updated to better reflect its functionality and to filter out "draft" GHSAs upon profile creation (this was done to keep it consistent with the GitHub webhooks).
There seems to be another problem with the rule, which is the following:
The profile correctly "fails" when a Triage GHSA is created, but never recovers from it if that exact GHSA is "closed" or accepted into "draft". Just to make it clear, there are 4 states a GHSA can be in: "triage", "draft", "published" and "closed". The ones that send a GitHub webhook event are "triage (reported)" and "published". The other two, do not.
Due to this, we don't bring the profile back to "Success" once a GHSA in "triage" is transferred to "closed" or accepted as a "draft", only when it's "published".
cc: @JAORMX
The text was updated successfully, but these errors were encountered: