Doing that requires write access if you're a Github Application. You can't just fork repositories back into another org, since Github Applications only have the permissions of the single organization that they work with. Rulesets that prevent direct pushes to specific branches can help here, but have to be configured for each organization.
Seems like there are multiple ways to address that within the GitHub ecosystem.
For example, you can set up a GitHub Action trigged by `push_request_target` that will call CodeRabbit's API to generate a patch and then push a new commit to the branch. This way CodeRabbit is being polled by a well-defined and minimal action (since this action will have write access to repo) rather than it itself having crazy power to do anything it wants on your repository.
Alternatively, why can't they just comment and propose a patch? GitHub's code review UI allows the human code reviewer to hit a button and incorporate that change into the PR.
There are pros and cons to these other techniques but the clear pro is that it would be more secure.
It just seems like they took the easiest way out rather than thinking it through in typical AI-bro ways.
tadfisher|6 months ago
tedivm|6 months ago
dpcx|6 months ago
xign|6 months ago
For example, you can set up a GitHub Action trigged by `push_request_target` that will call CodeRabbit's API to generate a patch and then push a new commit to the branch. This way CodeRabbit is being polled by a well-defined and minimal action (since this action will have write access to repo) rather than it itself having crazy power to do anything it wants on your repository.
Alternatively, why can't they just comment and propose a patch? GitHub's code review UI allows the human code reviewer to hit a button and incorporate that change into the PR.
There are pros and cons to these other techniques but the clear pro is that it would be more secure.
It just seems like they took the easiest way out rather than thinking it through in typical AI-bro ways.
flippyhead|6 months ago