feat: add support for syncing secrets to GitHub Actions & Dependabot #716
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…Visibility parameters
…including listing organizations and syncing organization secrets
…r repo syncs and add org_sync and repo_visibility options
…election and visibility options for syncing
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request adds support for syncing secrets to GitHub Actions at the organization level, complementing the existing repository-level sync functionality. Users can now choose to sync secrets to all repositories or only private repositories within a GitHub organization.
Key Changes:
- Added organization sync option with a tabbed UI to switch between repository and organization sync modes
- Updated GitHub OAuth scope from
read:orgtoadmin:orgto support organization-level secret management - Implemented backend logic to sync secrets to GitHub organization-level secrets with configurable repository visibility
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 12 comments.
Show a summary per file
| File | Description |
|---|---|
frontend/graphql/queries/syncing/github/getOrgs.gql |
New GraphQL query to fetch user's GitHub organizations with their roles |
frontend/graphql/mutations/syncing/github/CreateGhActionsSync.gql |
Updated mutation to accept optional organization sync parameters (orgSync, repoVisibility) and made repoName optional |
frontend/components/syncing/ServiceInfo.tsx |
Added display logic to show organization sync information with repository visibility in the sync list |
frontend/components/syncing/GitHub/SetupGhAuth.tsx |
Updated OAuth scope from read:org to admin:org to enable organization secret management |
frontend/components/syncing/GitHub/CreateGhActionsSync.tsx |
Added tabbed interface for selecting between repository and organization sync, including organization picker and visibility options |
frontend/apollo/schema.graphql |
Added GitHubOrgType and updated mutation signature with new parameters |
frontend/apollo/graphql.ts |
Generated TypeScript types for the new GitHubOrgType and updated mutation types |
frontend/apollo/gql.ts |
Updated GraphQL document strings with new query and mutation signatures |
backend/backend/schema.py |
Registered GitHubOrgType and added githubOrgs query resolver |
backend/backend/graphene/queries/syncing.py |
Implemented resolve_gh_orgs to fetch user's GitHub organizations |
backend/backend/graphene/mutations/syncing.py |
Updated CreateGitHubActionsSync mutation to handle organization sync parameters and build appropriate sync options |
backend/api/utils/syncing/github/actions.py |
Added list_orgs, get_all_org_secrets, and sync_github_org_secrets functions for organization-level operations |
backend/api/tasks/syncing.py |
Updated perform_github_actions_sync to route to appropriate sync function based on org_sync flag |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <[email protected]> Signed-off-by: Nimish <[email protected]>
…tHub Actions syncs
Co-authored-by: Copilot <[email protected]> Signed-off-by: Nimish <[email protected]>
…l available' to 'No logs available'
… validation in CreateGitHubActionsSync mutation
…CreateGhActionsSync component
…dabot synchronization
…ndabot synchronization
…ub Dependabot synchronization
…abot synchronization
…tHub Dependabot synchronization
…t synchronization
…ub Dependabot synchronization
…itory details for GitHub Dependabot synchronization
nimish-ks
changed the title
nimish-ks
changed the title
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 20 out of 20 changed files in this pull request and generated 12 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…ndabotSync mutation
Co-authored-by: Copilot <[email protected]> Signed-off-by: Nimish <[email protected]>
Co-authored-by: Copilot <[email protected]> Signed-off-by: Nimish <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🔍 Overview
Add GitHub Dependabot secret sync support. Expanded the GitHub Actions integration to now able to sync secrets to GitHub Organization level. Both integrations use the same GitHub credentials, with repo/org destinations and org visibility (all/private). Includes org-duplicate guard to avoid races, oversized-secret handling, and UI parity with Actions.
Docs: phasehq/docs#198
💡 Proposed Changes
🖼️ Screenshots or Demo
📝 Release Notes
🎯 Reviewer Focus
api/utils/syncing/github/dependabot.py,backend/graphene/mutations/syncing.py,api/tasks/syncing.py,api/services.py, schema additions.CreateGhDependabotSync.tsx,CreateSyncDialog.tsx,ServiceInfo.tsx, new mutation GQL.💚 Did You...