Hacker News new | ask | show | jobs
by robmck 825 days ago
Happy to explain a bit more!

Here are the steps we go through:

- Checkout the code to a temporary directory (which is deleted when it goes out of scope in python, so at the end of the indexing API call)

- Use Tree Sitter to create an index of just your chosen "Directory to Index" and then store that in a Redis cache

- We clear the index from the Redis cache if you haven't used it in 2 hours.

I don't know why exactly it says the message to "Act on your behalf". I just double-checked in our app, and confirmed that these are the only permissions we get:

- Contents - Read-only

- Metadata - Read-only

- Email addresses - Read-only

We agree that we shouldn't take write access if we are not writing PRs. Hopefully that helps!
1 comments
barbazoo 825 days ago
Thank you!

It does say which sounds really ominous: https://imgur.com/a/w8M0wcE

The link on the page points to https://docs.github.com/en/apps/using-github-apps/authorizin... which basically says the app can do whatever whenever.

I think if the wording was different I would be able to successfully pitch this to my work.

link
morgante 825 days ago
It's unfortunately terrible wording from GitHub for any app install: https://github.com/orgs/community/discussions/37117

Despite the scary warning, you're only granting the listed permissions.

link
barbazoo 825 days ago
What a terrible UX by Github.

> Despite the scary warning, you're only granting the listed permissions.

Is there a way for me to verify that that's the case? At least after granting the permissions?

link
robmck 824 days ago
Yes you can. If you click on your profile, and then Settings->Applications->Configure you can see the permissions

If you have it installed for an organization its slightly different. Go to the organization, then Settings->Github Apps->Configure.

For me at least, it lists the permissions the app has. Additionally, if we ever want to request new permissions in the future, you will have to grant them.

link
barbazoo 824 days ago
I'll try that, thanks
link
ivanovm 825 days ago
This is weird, and it does sound ominous. I went to double check the configuration!

On-prem is on our roadmap, we can definitely make that happen for you. We just went this route for now to make the app easily accessible to everyone

link