Skip to content

🩹 [Patch]: Add Fine-Grained Permissions Data for GitHub PowerShell Module #501

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 24 commits into from
Sep 9, 2025
Merged

🩹 [Patch]: Add Fine-Grained Permissions Data for GitHub PowerShell Module #501

merged 24 commits into from
Sep 9, 2025

Conversation

Copilot
Copy link
Contributor

@Copilot Copilot AI commented Sep 8, 2025
edited by MariusStorhaug
Loading

This PR implements a comprehensive fine-grained permissions data infrastructure for the GitHub PowerShell module, enabling detection of GitHub App installations that may be missing newly added permissions.

What's New

GitHubPermission Class

Added a new public GitHubPermission class with the following properties:

  • Name - Programmatic permission name (e.g., contents, issues)
  • DisplayName - Human-friendly name (e.g., "Contents", "Issues")
  • Description - Brief description of what access the permission grants
  • URL - Link to relevant GitHub documentation
  • Options - Available access levels (read, write, admin)
  • Type - Permission type (Fine-grained, Classic)
  • Scope - Application scope (Repository, Organization, User, Enterprise)

Comprehensive Permissions Database

Added 90 fine-grained permissions covering all major GitHub permission categories:

  • 33 Repository permissions - actions, contents, issues, pull_requests, secrets, etc.
  • 33 Organization permissions - members, administration, organization_secrets, etc.
  • 18 User permissions - profile, followers, git_ssh_keys, etc.
  • 6 Enterprise permissions - custom properties, organization installation, etc.

Get-GitHubPermissionDefinition Function

New public function to query the permissions database with advanced filtering:

# Get all permissions
Get-GitHubPermissionDefinition

# Filter by scope
Get-GitHubPermissionDefinition -Scope Repository

# Combined filtering
Get-GitHubPermissionDefinition -Type Fine-grained -Scope Organization

# Find specific permissions
Get-GitHubPermissionDefinition -Name 'contents'

Argument Completers

Added argument completers for Get-GitHubPermissionDefinition parameters to improve user experience:

  • Name - Tab completion for available permission names (actions, contents, issues, etc.)
  • DisplayName - Tab completion for available permission display names (Actions, Dependabot alerts, etc.)
  • Type - Tab completion for available permission types (Fine-grained)
  • Scope - Tab completion for available scopes (Repository, Organization, User, Enterprise)

Use Cases

This infrastructure enables several key scenarios:

  1. Permission Validation - Compare GitHub App installations against the complete permissions list
  2. Installation Health Checks - Detect apps missing newly added permissions
  3. Documentation - Provide users with comprehensive permission reference
  4. Automation - Build tools that ensure installations stay current with permission requirements
  5. Enhanced User Experience - Tab completion for parameter values improves usability

Implementation Details

  • File path permissions excluded - These are handled differently by the GitHub API (appear under FilePaths property rather than as named permissions)
  • Maintainable structure - Easy to update when GitHub adds new permissions
  • Performance optimized - Efficient filtering and lookup operations
  • Comprehensive testing - Full test coverage for all functionality
  • Argument completion - Improves user experience with tab completion support

Example Usage

# Check what repository permissions are available (with tab completion)
$repoPerms = Get-GitHubPermissionDefinition -Scope <TAB>
Write-Host "Repository permissions: $($repoPerms.Count)"

# Get details about the contents permission (with tab completion)
$contents = Get-GitHubPermissionDefinition -Name cont<TAB>
Write-Host "$($contents.DisplayName): $($contents.Description)"
Write-Host "Available options: $($contents.Options -join ', ')"

This provides the foundation for building automated permission management tools and ensuring GitHub App installations remain up-to-date with the latest permission requirements.

Copilot AI and others added 3 commits September 8, 2025 12:49
@Copilot @MariusStorhaug
Add GitHubPermission class and permissions data infrastructure
a16e7d5 
Co-authored-by: MariusStorhaug <17722253+MariusStorhaug@users.noreply.github.com>
@Copilot @MariusStorhaug
Fix permissions data to use proper constructor syntax
aea3c0e 
Co-authored-by: MariusStorhaug <17722253+MariusStorhaug@users.noreply.github.com>
@Copilot @MariusStorhaug
Add documentation clarifications and demo for permissions feature
21ee44d 
Co-authored-by: MariusStorhaug <17722253+MariusStorhaug@users.noreply.github.com>
@Copilot Copilot AI changed the title [WIP] 🩹 [Patch]: Fine-Grained Permissions Data for GitHub PowerShell Module 🩹 [Patch]: Add Fine-Grained Permissions Data for GitHub PowerShell Module Sep 8, 2025
Copilot finished work on behalf of MariusStorhaug September 8, 2025 12:58
@Copilot Copilot AI requested a review from MariusStorhaug September 8, 2025 12:58
@MariusStorhaug
Refactor code structure for improved readability and maintainability
a433ab3
@MariusStorhaug
Remove GitHubPermissions.ps1 file containing fine-grained permissions…
59ec553 
… for repositories, organizations, users, and enterprises.
@MariusStorhaug
Add unit tests for Users, Variables, and Permissions modules
0b48f7c 
- Created Users.Tests.ps1 to test GitHub user-related functionalities including user retrieval and updates.
- Created Variables.Tests.ps1 to test GitHub variable management across different scopes (organization, repository, environment).
- Created Permissions.Tests.ps1 to validate permission definitions and GitHubPermission class properties.
- Implemented logging and context management for better test output and organization.
- Added necessary suppression attributes for Pester compatibility and long lines.
@MariusStorhaug
Add tests for app installation permissions in Permissions module
af5d349
@MariusStorhaug
Refactor Permissions tests to lazily initialize app installation cont…
7997323 
…ext and improve permission validation
@MariusStorhaug
Fix variable reference in Get-GitHubPermissionDefinition function to …
82cd7e8 
…use correct permissions data
@MariusStorhaug
Update Permissions tests to enable context execution and adjust expec…
fe9a112 
…ted permission string
@MariusStorhaug
Comment out actions permission in GitHub permissions configuration
1011fba
@MariusStorhaug
Update actions permission to allow only read access in GitHub permiss…
8af7979 
…ions configuration
@MariusStorhaug
Add 'write' permission to GitHub Actions repository permissions
3ccd8bb
@MariusStorhaug
Refactor permission matching logic to use a scriptblock for improved …
6c5cd6f 
…readability and maintainability
@MariusStorhaug
Refactor permission URLs in GitHub.ps1 for improved readability
45cd81e
@MariusStorhaug
Add GitHubPermissionDefinition class and update permissions handling …
cab6828 
…in GitHub.ps1 and tests
@MariusStorhaug
Rename GitHubPermission constructor to GitHubPermissionDefinition for…
e54b541 
… consistency and clarity
@MariusStorhaug
Copy link
Member

@copilot Add argument completers for Get-GitHubPermissionDefinition, for the parameters 'Scope', 'Name' and 'Type'.

@Copilot @MariusStorhaug
Add argument completers for Get-GitHubPermissionDefinition parameters
40bc1e3 
Co-authored-by: MariusStorhaug <17722253+MariusStorhaug@users.noreply.github.com>
@Copilot Copilot SWE Agent
Copy link
Contributor Author

Copilot AI commented Sep 9, 2025

@copilot Add argument completers for Get-GitHubPermissionDefinition, for the parameters 'Scope', 'Name' and 'Type'.

Added argument completers for all three parameters of Get-GitHubPermissionDefinition:

  • Name - Completes with available permission names (actions, contents, issues, etc.)
  • Type - Completes with available permission types (Fine-grained)
  • Scope - Completes with available scopes (Repository, Organization, User, Enterprise)

The completers follow the established patterns in the codebase and provide tab completion support for better user experience. Commit: 40bc1e3

Copilot finished work on behalf of MariusStorhaug September 9, 2025 08:28
@MariusStorhaug MariusStorhaug marked this pull request as ready for review September 9, 2025 08:38
@Copilot Copilot AI review requested due to automatic review settings September 9, 2025 08:38
@MariusStorhaug MariusStorhaug requested a review from a team as a code owner September 9, 2025 08:38
Copilot
Copilot AI reviewed Sep 9, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR implements a comprehensive fine-grained permissions data infrastructure for the GitHub PowerShell module, enabling detection of GitHub App installations that may be missing newly added permissions.

  • Adds a new GitHubPermissionDefinition class to represent GitHub permissions with properties like Name, DisplayName, Description, URL, Options, Type, and Scope
  • Introduces 55 fine-grained permission definitions covering Repository (29), Organization (13), User (13), and Enterprise (6) scopes
  • Implements Get-GitHubPermissionDefinition function with filtering capabilities and argument completers for improved user experience

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 6 comments.

Show a summary per file
File Description
tests/Permissions.Tests.ps1 Comprehensive test suite for permission validation and the new function
src/variables/private/GitHub.ps1 Adds 55 fine-grained permission definitions to the module's data store
src/functions/public/Permission/completers.ps1 Implements argument completers for Name, Type, and Scope parameters
src/functions/public/Permission/Get-GitHubPermissionDefinition.ps1 New public function to query permission definitions with filtering
src/formats/GitHubPermission.Format.ps1xml Formatting configuration for displaying permissions in table format
src/classes/public/GitHubPermissionDefinition.ps1 Class definition for representing GitHub permission data

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@MariusStorhaug
Add comprehensive tests for GitHub Teams, Users, and Variables
7e71361 
- Introduced Teams.Tests.ps1 to validate team creation, retrieval, updating, and deletion functionalities.
- Added Users.Tests.ps1 to test user-related operations including user updates and email management.
- Created Variables.Tests.ps1 to ensure proper handling of GitHub variables across different scopes (organization, repository, environment).
- Enhanced Permissions.Tests.ps1 to improve structure and readability, consolidating permission checks for GitHub Apps.
@MariusStorhaug
Add GitHubPermissionDefinition.Format.ps1xml for formatting GitHubPer…
17a51f8 
…missionDefinition output
@MariusStorhaug
Fix column labels and update hyperlink display in GitHubPermissionDef…
cf71ccd 
…inition formatting
@MariusStorhaug
Add initial test scripts for GitHub API interactions
2cc8ffb 
- Created TEMPLATE.ps1 for Pester tests with a structure for authentication cases.
- Added Teams.Tests.ps1 to test GitHub Teams API functionalities including team creation, retrieval, updating, and deletion.
- Introduced Users.Tests.ps1 to validate user-related API calls, including user retrieval and updates.
- Implemented Variables.Tests.ps1 to test GitHub variable management across different scopes (organization, repository, environment).
@MariusStorhaug
Refactor argument completer indentation for Get-GitHubPermissionDefin…
5823080 
…ition
@MariusStorhaug MariusStorhaug merged commit fff966d into main Sep 9, 2025
316 of 340 checks passed
@MariusStorhaug MariusStorhaug deleted the copilot/fix-485 branch September 9, 2025 13:17
@github-project-automation github-project-automation bot moved this from Todo to Done in GitHub PowerShell Module Sep 9, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 9, 2025

Module GitHub - 0.36.10 published to the PowerShell Gallery.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 9, 2025

GitHub release for GitHub v0.36.10 has been created.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@MariusStorhaug MariusStorhaug Awaiting requested review from MariusStorhaug

Assignees

@MariusStorhaug MariusStorhaug

Copilot code review Copilot

Labels
None yet
Projects
GitHub PowerShell Module
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

🩹 [Patch]: Fine-Grained Permissions Data for GitHub PowerShell Module
2 participants
@Copilot @MariusStorhaug