[Feature] add support for GitHub discussions about app HOT 9 OPEN

@all-contributors/core what do you think?

I think it's within the scope of the app. I think we should transfer this issue to https://github.com/all-contributors/app. We will probably need to add a permission to the app in order to enable interacting with discussions

from app.

okay, I requested the read/write permission to discussions. Note current installations are not updated until the request is accepted by account owners. That means we have to account for the case that an installation might have the permission to read/write discussions or comments. I think this shouldn't be a problem in our case, because we would only interact with discussions when handling a discussion_comment event, which we will only receive if the owner accepted the permission.

Let me know if you have any questions.

I did not yet subscribe the app to the discussion_comment event. We can do that once we implement the functionality

from app.

@brylie - thanks for raising this. I have similar requirement for my project.

Currently as a workaround, we have created one issue where we link to a relevant contribution in discussions and evoke the All Contributors bot. It is less messy than converting each relevant discussion to an issue but still not ideal.

Reference: Atri-Labs/atrilabs-engine#332

from app.

Thanks, @darshitac11! That's a great idea 😎

Relatedly, I understand that All Contributors may not immediately, or ever, get this feature. However, I hope the issue will remain open as a placeholder for the possibility of being added.

from app.

I just got a request to enable this

What I don't understand about any of these permissions is why AllContributors needs write access to anything?

Read access should be sufficient.

What you wanna write to our discussions?

I think this opens the door to security holes and bugs, and I am not going to approve that permission.

I am actually thinking to disable AllContributors. It's cool, but I don't like it having write access to everything. If this gets hacked it can really mess up all our repos. So... why???

from app.

@brylie thanks for bringing this up. I think we can enable GH discussion in the future however I think we like to simply things out. @all-contributors/core what do you think?

from app.

Thanks @brylie!

Yes, I appreciate that you requested this feature. I'm sure many projects would love to use it whenever it is available. 💙

from app.

We will probably need to add a permission to the app in order to enable interacting with discussions

@gr2m great! shall we add now?

from app.

write access

in this context write access means it needs to be able to comment. There is not a more granular permission in order to write comments, you need full write access to all discussions.

and I am not going to approve that permission

You already approved it for repository contents, issues, and pull requests, but you do you 🤷🏼

I am actually thinking to disable AllContributors. It's cool, but I don't like it having write access to everything. If this gets hacked it can really mess up all our repos. So... why???

you don't need the app, you can probably set up your own automation using the CLI, the app is just for convenience and to lower the technical barrier to less technical users.

Reducing permissions is off topic for this issue, please open a separate discussion if you want to continue on that topic.

from app.