Remove bot user

README.md

@@ -22,22 +22,20 @@ The slack notification can be configured by setting the `SLACK_MESSAGE_FILE`. Th
  - `#l` is replaced with the label configured in `EMERGENCY_LABEL`
  - `#i` is replaced with the url to the issue created, if issue creation is enabled
 ## Environment setup
-### Create Bot User
-If you want the app to merge the emergency PR, and you have "Require status checks to pass before merging" in your branch protection, you will need to give the bot user `owner` permissions on the Org or repo.
-
-If you do not have "Require status checks to pass before merging" you can make the bot user a standard user. If you also have more than 1 approval required you will need to configure the bot user in your branch protection section "Allow specified actors to bypass pull request requirements" in order to allow merging.
-
-Generate a PAT for the bot user with repo scope. Configure SSO for the PAT, authorizing the PAT for your org.
 ### Create GitHub App
 Create the GH App in your org or repo. Define a client secrent. Generate a private key.
 #### Grant repository permissions
+Set Contents access to `Read & write`
 Set Issues access to `Read & write`  
 Set Pull Requests access to `Read & write`  
 #### Subscripe to events
 Check `Issues`  
 Check `Issue comment`  
 Check `Pull request`
 
+#### Allow app to bypass branch protection
+If you want the app to merge the emergency PR, and you have "Require status checks to pass before merging" in your branch protection, you will need to allow the app to bypass branch protection.
+
 Once you have the bot user setup and the GitHub app configured you are ready to deploy!
 
 ### Create a Slack App

app.js

@@ -23,11 +23,12 @@ module.exports = (app) => {
       // Approve PR, if configured to do so
       if (process.env.APPROVE_PR == 'true') {
         console.log(`Adding review to PR`);
-        await axios({
-          method: 'post',
-          url: `${context.payload.pull_request.url}/reviews`,
-          auth: auth,
-          data: { "event": "APPROVE" }
+        await context.octokit.rest.pulls.createReview({
+          owner: context.payload.repository.owner.login,
+          repo: context.payload.repository.name,
+          pull_number: context.payload.pull_request.number,
+          body: "Approved by emergency PR bot",
+          event: "APPROVE"
         }).then(response => {
           console.log(`Review added`);
         }).catch(error => {
@@ -46,16 +47,13 @@ module.exports = (app) => {
         }
         let issueBody = fs.readFileSync(process.env.ISSUE_BODY_FILE, 'utf8');
         issueBody = issueBody.replace('#',context.payload.pull_request.html_url);
-        await axios({
-          method: 'post',
-          url: `${context.payload.repository.url}/issues`,
-          auth: auth,
-          data: { 
-            "title": process.env.ISSUE_TITLE,
-            "body": issueBody,
-            "labels": [emergencyLabel],
-            ...assignees
-          }
+        await context.octokit.rest.issues.create({
+          owner: context.payload.repository.owner.login,
+          repo: context.payload.repository.name,
+          title: process.env.ISSUE_TITLE,
+          body: issueBody,
+          labels: [emergencyLabel],
+          ...assignees
         }).then(response => {
           console.log(`Issue created`)
           newIssue = response.data.html_url;
@@ -69,10 +67,11 @@ module.exports = (app) => {
       // Merge PR, if configured to do so
       if (process.env.MERGE_PR == 'true') {
         console.log(`Merging PR`);
-        await axios({
-          method: 'put',
-          url: `${context.payload.pull_request.url}/merge`,
-          auth: auth
+        await context.octokit.rest.pulls.merge({
+          owner: context.payload.repository.owner.login,
+          repo: context.payload.repository.name,
+          pull_number: context.payload.pull_request.number,
+          //merge_method: "squash"
         }).then(response => {
           console.log(`PR merged`);
         }).catch(error => {
@@ -135,13 +134,11 @@ module.exports = (app) => {
       let errorsArray = [];
 
       // Add emergency label
-      await axios({
-        method: 'patch',
-        url: context.payload.pull_request.issue_url,
-        auth: auth,
-        data: { 
-          "labels": [emergencyLabel]
-        }
+      await context.octokit.rest.issues.addLabels({
+        owner: context.payload.repository.owner.login,
+        repo: context.payload.repository.name,
+        issue_number: context.payload.pull_request.number,
+        labels: [emergencyLabel]
       }).then(response => {
         console.log(`${emergencyLabel} label reapplied to PR: ${context.payload.pull_request.html_url}`);
       }).catch(error => {
@@ -167,13 +164,11 @@ module.exports = (app) => {
       let errorsArray = [];
 
       // Add emergency label
-      await axios({
-        method: 'patch',
-        url: context.payload.issue.url,
-        auth: auth,
-        data: { 
-          "labels": [emergencyLabel]
-        }
+      await context.octokit.rest.issues.addLabels({
+        owner: context.payload.repository.owner.login,
+        repo: context.payload.repository.name,
+        issue_number: context.payload.pull_request.number,
+        labels: [emergencyLabel]
       }).then(response => {
         console.log(`${emergencyLabel} label reapplied to PR: ${context.payload.issue.html_url}`);
       }).catch(error => {
@@ -195,13 +190,11 @@ module.exports = (app) => {
     if (context.payload.pull_request.body.toLocaleLowerCase().includes(process.env.TRIGGER_STRING)) {
       // Found the trigger string, so add the emergency label to trigger the other stuff...
       let errorsArray = [];
-      await axios({
-        method: 'patch',
-        url: context.payload.pull_request.issue_url,
-        auth: auth,
-        data: { 
-          "labels": [emergencyLabel]
-        }
+      await context.octokit.rest.issues.addLabels({
+        owner: context.payload.repository.owner.login,
+        repo: context.payload.repository.name,
+        issue_number: context.payload.pull_request.number,
+        labels: [emergencyLabel]
       }).then(response => {
         console.log(`${emergencyLabel} label applied to PR: ${context.payload.pull_request.html_url}`);
         newIssue = response.data.html_url;
@@ -224,13 +217,11 @@ module.exports = (app) => {
     if (context.payload.issue.pull_request && context.payload.comment.body.toLocaleLowerCase().includes(process.env.TRIGGER_STRING)) {
       // This is a comment on a PR and we found the trigger string, so add the emergency label to trigger the other stuff...
       let errorsArray = [];
-      await axios({
-        method: 'patch',
-        url: context.payload.issue.url,
-        auth: auth,
-        data: { 
-          "labels": [emergencyLabel]
-        }
+      await context.octokit.rest.issues.addLabels({
+        owner: context.payload.repository.owner.login,
+        repo: context.payload.repository.name,
+        issue_number: context.payload.pull_request.number,
+        labels: [emergencyLabel]
       }).then(response => {
         console.log(`${emergencyLabel} label applied to PR: ${context.payload.issue.pull_request.html_url}`);
         newIssue = response.data.html_url;

template.yml

@@ -12,12 +12,6 @@ Parameters:
   githubPrivateKey:
     Description: The base64 encoded private key of your GitHub app
     Type: String
-  githubUser:
-    Description: The user with admin access
-    Type: String
-  githubPat:
-    Description: The PAT of the user with admin access
-    Type: String
   emergencyLabel:
     Description: The label to use for emergency issues
     Type: String
@@ -101,8 +95,6 @@ Resources:
           APP_ID: !Ref githubAppId
           WEBHOOK_SECRET: !Ref githubWebhookSecret
           PRIVATE_KEY: !Ref githubPrivateKey
-          GITHUB_USER: !Ref githubUser
-          GITHUB_PAT: !Ref githubPat
           EMERGENCY_LABEL: !Ref emergencyLabel
           ISSUE_TITLE: !Ref issueTitle
           ISSUE_BODY_FILE: !Ref issueBodyFile