From 63d825955b3fdc596c044f3d406d110d0950f783 Mon Sep 17 00:00:00 2001
From: Nicolas Zin
Date: Sun, 2 Mar 2025 14:07:51 -0500
Subject: [PATCH] bugfixes for default branch property
---
 CHANGELOG.md | 4 +++
 cmd/goliac/main.go | 8 -----
 docs/installation.md | 2 +-
 docs/security.md | 67 ++-------------------------------------
 internal/config/env.go | 16 ++++------
 internal/engine/remote.go | 4 +++
 internal/goliac.go | 4 +--
 7 files changed, 20 insertions(+), 85 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5a180fc..7f3b5a3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## Goliac v0.15.8
+
+- default branch bugfixes: when the repo is empty, and when the Github App doesn't have content access
+
 ## Goliac v0.15.7
 - allow to use a PAT (Personal Access Token) to run Goliac (in particular useful to scaffold)
diff --git a/cmd/goliac/main.go b/cmd/goliac/main.go
index a4c3b1e..4f17a5f 100644
--- a/cmd/goliac/main.go
+++ b/cmd/goliac/main.go
@@ -368,14 +368,6 @@ Either local directory, or remote git repository`,
 rootCmd.AddCommand(servecmd)
 rootCmd.AddCommand(versioncmd)
- // if the team app is not set, use the app github app settings
- if config.Config.GithubTeamAppID == 0 {
- config.Config.GithubTeamAppID = config.Config.GithubAppID
- }
- if config.Config.GithubTeamAppPrivateKeyFile == "" {
- config.Config.GithubTeamAppPrivateKeyFile = config.Config.GithubAppPrivateKeyFile
- }
-
 if err := rootCmd.Execute(); err != nil {
 fmt.Println(err)
 os.Exit(1)
diff --git a/docs/installation.md b/docs/installation.md
index cf8212d..1817903 100644
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -28,7 +28,7 @@ In GitHub:
 - Give Read/Write access to `Members`
 - Under Repository permissions
 - Give Read/Write access to `Administration`
- - Give Read/Write access to `Content`
+ - Give Read/Write access to `Content` (it is needed to access the default branch of repositories)
 - Where can this GitHub App be installed: `Only on this account`
 - And Create
 - then you must
diff --git a/docs/security.md b/docs/security.md
index 6a3c1db..e27fc69 100644
--- a/docs/security.md
+++ b/docs/security.md
@@ -1,68 +1,5 @@
 # Security
-## Security hardening
-
-If you want to narrow down what Goliac is doing, you can create 2 github apps
-- one to access only the `goliac-team`'s repository
-- another one that dont have repository access, but only to the organization administrative APIs
-
-### Goliac-Teams GitHub App
-
-You need to
-- Register new goliac-teams GitHub App
- - in your profile settings, go to `Developer settings`/`GitHub Apps`
- - Click on `New GitHub App`
-- Give basic information:
- - GitHub App name can be `-goliac-teams-app`
- - Homepage URL can be `https://github.com/goliac-project/goliac`
- - Disable the active Webhook
-- Under Repository permissions
- - Give Read/Write access to `Administration` (needed to bypass the 'vaidate' check)
- - Give Read/Write access to `Content` (needed to be able to udpate the repository)
-- Where can this GitHub App be installed: `Only on this account`
-- And Create
-- then you must
- - collect the AppID
- - Generate (and collect) a private key (file)
-- Go to the left tab "Install App"
- - Click on "Install"
- - On Repository access, select "Only select repositories", and select the goliac-team's repository
-
-We will set ip up in Goliac with
-- `GOLIAC_GITHUB_TEAM_APP_ID` environment variable
-- `GOLIAC_GITHUB_TEAM_APP_PRIVATE_KEY_FILE` environment variable
-
-### Admin GitHub App
-
-If you already created a Github app (when following the installation instructions), you can use it, but remove the repository access
-
-Else you need to
-- Register new GitHub App
- - in your profile settings, go to `Developer settings`/`GitHub Apps`
- - Click on `New GitHub App`
-- Give basic information:
- - GitHub App name can be `-goliac-app` (it will be used in the rulesets later)
- - Homepage URL can be `https://github.com/goliac-project/goliac`
- - Disable the active Webhook
-- Under Repository permissions
- - Give Read/Write access to `Administration`
-- Under Organization permissions
- - Give Read/Write access to `Administration`
- - Give Read/Write access to `Members`
-- Where can this GitHub App be installed: `Only on this account`
-- And Create
-- then you must
- - collect the AppID
- - Generate (and collect) a private key (file)
-- Go to the left tab "Install App"
- - Click on "Install"
- - On Repository access, select "All repositories" (except if you are doing a test and want to select the repositories to manage)
-
-We will set ip up in Goliac with
-- `GOLIAC_GITHUB_APP_ID` environment variable
-- `GOLIAC_GITHUB_APP_PRIVATE_KEY_FILE` environment variable
-
-
 ## Networking
 ### Outbond connections
@@ -128,11 +65,11 @@ By default Goliac will logs
 - in text format (you can change it via `GOLIAC_LOGRUS_FORMAT` to `json`)
 - as info (you can change it via `GOLIAC_LOGRUS_LEVEL` to `warn` or `error`)
-Intentionally, with the (default) info level, Goliac will output command it is running, with some PII informations (name of the author of the change, some information on the changes. you can check the `internal/engine/goliac_reconciliator.go` for more details, especially all `logrus.WithFields` code). It is the intented behaviour to be able to collect what Goliac is doing.
+Intentionally, with the (default) info level, Goliac will output command it is running, with some PII informations (some information on the changes. you can check the `internal/engine/goliac_reconciliator.go` for more details, especially all `logrus.WithFields` code). It is the intented behaviour to be able to collect what Goliac is doing.
 It will output something like
 ```
-time="2024-11-10T04:03:14-05:00" level=info msg="teamslug: a_github_team, username: a_username_githubid, role: member" author=author_of_the_commit command=update_team_add_member dryrun=false
+time="2024-11-10T04:03:14-05:00" level=info msg="teamslug: a_github_team, username: a_username_githubid, role: member" command=update_team_add_member dryrun=false
 ```
 If you want to restrict this behaviour, you can change the log level (to `warn` or `error`), and you can still keep the audit feature of Goliac, by reviewing the Git history of your teams repository (in Github)
diff --git a/internal/config/env.go b/internal/config/env.go
index 6a81445..1c2e0bb 100644
--- a/internal/config/env.go
+++ b/internal/config/env.go
@@ -9,15 +9,13 @@ var Config = struct {
 // Possible values: text, json
 LogrusFormat string `env:"GOLIAC_LOGRUS_FORMAT" envDefault:"text"`
- GithubServer string `env:"GOLIAC_GITHUB_SERVER" envDefault:"https://api.github.com"`
- GithubAppOrganization string `env:"GOLIAC_GITHUB_APP_ORGANIZATION" envDefault:""`
- GithubAppID int64 `env:"GOLIAC_GITHUB_APP_ID"`
- GithubAppPrivateKeyFile string `env:"GOLIAC_GITHUB_APP_PRIVATE_KEY_FILE" envDefault:"github-app-private-key.pem"`
- GithubTeamAppID int64 `env:"GOLIAC_GITHUB_TEAM_APP_ID"`
- GithubTeamAppPrivateKeyFile string `env:"GOLIAC_GITHUB_TEAM_APP_PRIVATE_KEY_FILE"`
- GithubPersonalAccessToken string `env:"GOLIAC_GITHUB_PERSONAL_ACCESS_TOKEN"`
- GoliacEmail string `env:"GOLIAC_EMAIL" envDefault:"goliac@goliac-project.com"`
- GoliacTeamOwnerSuffix string `env:"GOLIAC_TEAM_OWNER_SUFFIX" envDefault:"-goliac-owners"`
+ GithubServer string `env:"GOLIAC_GITHUB_SERVER" envDefault:"https://api.github.com"`
+ GithubAppOrganization string `env:"GOLIAC_GITHUB_APP_ORGANIZATION" envDefault:""`
+ GithubAppID int64 `env:"GOLIAC_GITHUB_APP_ID"`
+ GithubAppPrivateKeyFile string `env:"GOLIAC_GITHUB_APP_PRIVATE_KEY_FILE" envDefault:"github-app-private-key.pem"`
+ GithubPersonalAccessToken string `env:"GOLIAC_GITHUB_PERSONAL_ACCESS_TOKEN"`
+ GoliacEmail string `env:"GOLIAC_EMAIL" envDefault:"goliac@goliac-project.com"`
+ GoliacTeamOwnerSuffix string `env:"GOLIAC_TEAM_OWNER_SUFFIX" envDefault:"-goliac-owners"`
 GithubConcurrentThreads int64 `env:"GOLIAC_GITHUB_CONCURRENT_THREADS" envDefault:"5"`
 GithubCacheTTL int64 `env:"GOLIAC_GITHUB_CACHE_TTL" envDefault:"86400"`
diff --git a/internal/engine/remote.go b/internal/engine/remote.go
index ca0441c..e15413a 100644
--- a/internal/engine/remote.go
+++ b/internal/engine/remote.go
@@ -709,6 +709,10 @@ func (g *GoliacRemoteImpl) loadRepositories(ctx context.Context) (map[string]*Gi
 BranchProtections: make(map[string]*GithubBranchProtection),
 DefaultBranchName: c.DefaultBranchRef.Name,
 }
+ // if the repository has not been populated yet
+ if repo.DefaultBranchName == "" {
+ repo.DefaultBranchName = "main"
+ }
 for _, outsideCollaborator := range c.OutsideCollaborators.Edges {
 repo.ExternalUsers[outsideCollaborator.Node.Login] = outsideCollaborator.Permission
 }
diff --git a/internal/goliac.go b/internal/goliac.go
index 239be7d..63484d8 100644
--- a/internal/goliac.go
+++ b/internal/goliac.go
@@ -74,8 +74,8 @@ func NewGoliacImpl() (Goliac, error) {
 localGithubClient, err := github.NewGitHubClientImpl(
 config.Config.GithubServer,
 config.Config.GithubAppOrganization,
- config.Config.GithubTeamAppID,
- config.Config.GithubTeamAppPrivateKeyFile,
+ config.Config.GithubAppID,
+ config.Config.GithubAppPrivateKeyFile,
 config.Config.GithubPersonalAccessToken,
 )
 if err != nil {
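Review bot: The fallback `repo.DefaultBranchName = "main"` in `loadRepositories` (internal/engine/remote.go) stores a guessed value as if it were the remote state. The added comment mentions only an unpopulated repository, but the changelog entry in this commit says the empty name also occurs when the GitHub App lacks Content access; in that case the repository may have a different default branch, and any later comparison or reconciliation against `DefaultBranchName` would act on the guess. I would widen the comment to `// DefaultBranchRef is empty for a repository with no commits, or when the app cannot read Content; "main" is a placeholder, not the remote value` and log a warning naming the repository so a missing permission is visible to the operator. The function body starts and ends outside the hunk, so how downstream code uses the field is not visible here.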
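Review bot: `localGithubClient` in `NewGoliacImpl` (internal/goliac.go) is now built from `config.Config.GithubAppID` and `config.Config.GithubAppPrivateKeyFile`, so the teams-repository client shares one key with the organization-wide app and the two-app split that docs/security.md used to describe is no longer available. The env.go hunk drops `GOLIAC_GITHUB_TEAM_APP_ID` and `GOLIAC_GITHUB_TEAM_APP_PRIVATE_KEY_FILE` with no deprecation path, and presumably a deployment that still sets them will have the values ignored without any message. Because this removes a least-privilege option under a commit titled as a default-branch bugfix, I would add a changelog line such as `- breaking: GOLIAC_GITHUB_TEAM_APP_ID / GOLIAC_GITHUB_TEAM_APP_PRIVATE_KEY_FILE are removed; the main GitHub App now needs Content access` and have startup warn when either variable is still present in the environment. The function body continues outside the hunk.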