Merge pull request #351 from VOVELEE/feature/remove-maintain

Remove maintain permissions

Author: GrantBirki

README.md

@@ -263,7 +263,7 @@ As seen above, we have two steps. One for a noop deploy, and one for a regular d
 | `unlock_trigger` | `false` | `.unlock` | The string to look for in comments as an IssueOps unlock trigger. Used for unlocking branch deployments. Example: ".unlock" |
 | `help_trigger` | `false` | `.help` | The string to look for in comments as an IssueOps help trigger. Example: ".help" |
 | `lock_info_alias` | `false` | `.wcid` | An alias or shortcut to get details about the current lock (if it exists) Example: ".info" - Hubbers will find the ".wcid" default helpful ("where can I deploy") |
-| `permissions` | `true` | `write,maintain,admin` | The allowed GitHub permissions an actor can have to invoke IssueOps commands - Example: "write,maintain,admin" |
+| `permissions` | `true` | `write,admin` | The allowed GitHub permissions an actor can have to invoke IssueOps commands - Example: "write,admin" |
 | `commit_verification` | `false` | `"false"` | Whether or not to enforce commit verification before a deployment can continue. Default is `"false"`. This input option is excellent to enforce tighter security controls on your deployments. |
 | `param_separator` | `false` | `\|` | The separator to use for parsing parameters in comments in deployment requests. Parameters will are saved as outputs and can be used in subsequent steps - See [Parameters](docs/parameters.md) for additional details |
 | `global_lock_flag` | `false` | `--global` | The flag to pass into the lock command to lock all environments. Example: "--global" |

__tests__/functions/help.test.js

@@ -44,7 +44,7 @@ const defaultInputs = {
   skipReviews: '',
   draft_permitted_targets: '',
   admins: 'false',
-  permissions: ['write', 'admin', 'maintain'],
+  permissions: ['write', 'admin'],
   allow_sha_deployments: false,
   checks: 'all',
   commit_verification: true,
@@ -83,7 +83,7 @@ test('successfully calls help with non-defaults', async () => {
     skipReviews: 'development',
     draft_permitted_targets: 'development',
     admins: 'monalisa',
-    permissions: ['write', 'admin', 'maintain'],
+    permissions: ['write', 'admin'],
     allow_sha_deployments: true,
     checks: ['test,build,security'],
     ignored_checks: ['lint', 'format'],
@@ -121,7 +121,7 @@ test('successfully calls help with non-defaults again', async () => {
     skipReviews: 'development',
     draft_permitted_targets: 'development',
     admins: 'monalisa',
-    permissions: ['write', 'admin', 'maintain'],
+    permissions: ['write', 'admin'],
     allow_sha_deployments: false,
     checks: 'required',
     ignored_checks: ['lint'],
@@ -171,7 +171,7 @@ test('successfully calls help with non-defaults and unknown update_branch settin
     skipReviews: 'development',
     draft_permitted_targets: 'development',
     admins: 'monalisa',
-    permissions: ['write', 'admin', 'maintain'],
+    permissions: ['write', 'admin'],
     allow_sha_deployments: false,
     checks: 'required',
     ignored_checks: ['lint'],

__tests__/functions/prechecks.test.js

@@ -25,7 +25,7 @@ beforeEach(() => {
   jest.spyOn(core, 'warning').mockImplementation(() => {})
   jest.spyOn(core, 'setOutput').mockImplementation(() => {})
   jest.spyOn(core, 'saveState').mockImplementation(() => {})
-  process.env.INPUT_PERMISSIONS = 'admin,write,maintain'
+  process.env.INPUT_PERMISSIONS = 'admin,write'
 
   baseCommitWithOid = {
     nodes: [
@@ -57,7 +57,7 @@ beforeEach(() => {
       skipReviews: '',
       draft_permitted_targets: '',
       checks: 'all',
-      permissions: ['admin', 'write', 'maintain'],
+      permissions: ['admin', 'write'],
       commit_verification: false,
       ignored_checks: []
     }
@@ -857,7 +857,7 @@ test('runs prechecks and fails due to bad user permissions', async () => {
     .mockReturnValueOnce({data: {permission: 'read'}, status: 200})
   expect(await prechecks(context, octokit, data)).toStrictEqual({
     message:
-      '👋 @monalisa, that command requires the following permission(s): `admin/write/maintain`\n\nYour current permissions: `read`',
+      '👋 @monalisa, that command requires the following permission(s): `admin/write`\n\nYour current permissions: `read`',
     status: false
   })
 })

__tests__/functions/valid-permissions.test.js

@@ -5,12 +5,12 @@ const setOutputMock = jest.spyOn(core, 'setOutput')
 
 var octokit
 var context
-var permissions = ['write', 'maintain', 'admin']
+var permissions = ['write', 'admin']
 
 beforeEach(() => {
   jest.clearAllMocks()
   jest.spyOn(core, 'setOutput').mockImplementation(() => {})
-  process.env.INPUT_PERMISSIONS = 'write,maintain,admin'
+  process.env.INPUT_PERMISSIONS = 'write,admin'
 
   context = {
     actor: 'monalisa'
@@ -46,7 +46,7 @@ test('determines that a user has does not valid permissions to invoke the Action
     })
 
   expect(await validPermissions(octokit, context, permissions)).toEqual(
-    '👋 @monalisa, that command requires the following permission(s): `write/maintain/admin`\n\nYour current permissions: `read`'
+    '👋 @monalisa, that command requires the following permission(s): `write/admin`\n\nYour current permissions: `read`'
   )
   expect(setOutputMock).toHaveBeenCalledWith('actor', 'monalisa')
 })

action.yml

@@ -66,9 +66,9 @@ inputs:
     required: false
     default: ".wcid"
   permissions:
-    description: 'The allowed GitHub permissions an actor can have to invoke IssueOps commands - Example: "write,maintain,admin"'
+    description: 'The allowed GitHub permissions an actor can have to invoke IssueOps commands - Example: "write,admin"'
     required: true
-    default: "write,maintain,admin"
+    default: "write,admin"
   commit_verification:
     description: 'Whether or not to enforce commit verification before a deployment can continue. Default is "false"'
     required: false