Conversation
andy

Andy Newton

I am noticing bot accounts hitting GitHub repos and approving (not merging, but approving) PRs. The GitHub docs on how to stop non-collaborators from doing this are difficult to understand. So far I have resorted to old-fashioned branch protection. Has anybody with a divining rod figured out the #github permissions to specifically address this issue?
1
4
2
hugovk@mastodon.social

Hugo van Kemenade

Reply to @andy

@andy You can restrict reviews to those with existing repo permissions:

'[ ] Limit to users explicitly granted read or higher access

'When enabled, only users explicitly granted access to this repository will be able to submit pull request reviews that "approve" or "request changes". All users able to submit comment pull request reviews will continue to be able to do so."

https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-pull-request-reviews-in-your-repository

1
0
0
andy

Andy Newton

Reply to @hugovk@mastodon.social
@hugovk Awesome! Yes, thanks. I cannot explain why I did not see that before.
0
0
2
About NoVaLUG

The Northern Virginia Linux Users Group (NoVaLUG)

We are a curious, informal, and friendly mix of IT professionals, hobbyists, students, and others with an interest in Linux, Free and Open Source software, and open knowledge. The Northern Virginia Linux Users Group (NoVaLUG) is the oldest LUG in the Northern VA area and likely in the whole of US, established in 1993.

Obtaining an Account

Accounts on this server are limited to members of NoVaLUG. To get an invite link, you must do one of the following:

  1. Ask for a link at one of our meetings.
  2. Send a message on our mailing list asking for a link.
  3. Request an invite link in our Signal chat group.

Service Information

Users on this server may be referred to with the novalug.org domain name (e.g. "foo@novalug.org" or "@foo@novalug.org"). However, when using URLs, the full hostname of akk.novalug.org must be used (e.g. "https://akk.novalug.org/foo").

To use this server with other clients, such as mobile apps, use the full host name of akk.novalug.org.

If you prefer the "classic" Mastodon UI, go here.

Code of Conduct

Our rules are simple.

  1. Be kind, be courteous.
  2. No porn.
  3. No spam.
  4. No harassment.
  5. No illegal behavior.
  6. Users must be 13 years of age or older.
We reserve the right to reject, delete, moderate and take any other action necessary. Simply put, don't be a jerk!