GitHub App access to other repositories in organization - github3.py

I have a GitHub App created under an organization, and it is installed to a repository under the same organization. This app needs read access to other repositories in the same organization for fetching configuration. I tried reading a file from a different repository after authenticating using the github3 login_as_app_installation API. I get the below error:
  File "lib/python3.6/site-packages/github3/github.py", line 1981, in repository
    json = self._json(self._get(url), 200)
  File "lib/python3.6/site-packages/github3/models.py", line 156, in _json
    raise exceptions.error_for(response)
github3.exceptions.NotFoundError: 404 Not Found
But this works if I install the app to every repository where I need read access. Can I achieve this without installing the app explicitly as there is no concept of Access Token at Organization level?

An installation token only allows access to the repository where the app is installed. If we need access to other repositories, either we need to install the app to the repository or get access to it using the personal access token.
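A pre-flight check for the situation above, added here as an example and not taken from the original post or from github3.py: it lists what the installation token can reach through GET /installation/repositories and reports the configuration repositories the app is not installed on, instead of running into a bare 404 later. The names example-org/..., SAMPLE_PAGES, fetch_pages, installed_repos and missing_repos are assumptions made for this example, and the installation token is assumed to have been obtained already.

```python
import json
import urllib.request

API = "https://api.github.com/installation/repositories"

# Constructed sample: two pages of the listing (names are made up).
SAMPLE_PAGES = [
    {"total_count": 3, "repository_selection": "selected",
     "repositories": [{"full_name": "example-org/service-a"},
                      {"full_name": "example-org/service-b"}]},
    {"total_count": 3, "repository_selection": "selected",
     "repositories": [{"full_name": "example-org/Shared-Config"}]},
]


def fetch_pages(token, per_page=100):
    """Fetch every page of the listing with an installation access token."""
    pages, page = [], 1
    while True:
        req = urllib.request.Request(
            f"{API}?per_page={per_page}&page={page}",
            headers={"Authorization": f"Bearer {token}",
                     "Accept": "application/vnd.github+json"})
        with urllib.request.urlopen(req) as resp:
            body = json.load(resp)
        pages.append(body)
        if len(body["repositories"]) < per_page:
            return pages
        page += 1


def installed_repos(pages):
    """Merge paginated responses into a set of lower-cased full names."""
    seen = {repo["full_name"].lower()
            for page in pages for repo in page.get("repositories", [])}
    # Refuse to decide on a partial listing: a missing page would look
    # exactly like a repository the app is not installed on.
    expected = pages[0]["total_count"] if pages else 0
    if len(seen) != expected:
        raise ValueError(f"incomplete listing: {len(seen)} of {expected}")
    return seen


def missing_repos(pages, needed):
    """Return the needed repositories the installation token cannot reach."""
    reachable = installed_repos(pages)  # owner/repo names are case-insensitive
    return sorted(r for r in needed if r.lower() not in reachable)
```

With a real token, missing_repos(fetch_pages(token), [...]) gives the list of repositories that still need the app installed before their files can be read.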

Related

Project nuget feed in azure dev cannot be accessed from reader

I have created a Project-scoped NuGet feed in Azure DevOps. I have some developers whom I want to be able to list/restore and read NuGet packages so that they can add them to the projects they are working on.
I have added them to my organization (they are using email addresses like outlook.com and gmail.com) without any project access, and then from the NuGet feed permissions I gave them permissions as Readers.
When they try to run nuget list they get
Unable to load the service index for source https://pkgs.dev.azure.com/myorganizationname/e1f090d9-f848-428b-b774-7fd9dfc873ef/_packaging/Nuget-Test-Feed/nuget/v3/index.json.
Response status code does not indicate success: 404 (Not Found - VS800075: The project with id 'vstfs:///Classification/TeamProject/e1f090d9-f848-428b-b774-7fd9dfc873ef' does not exist, or you do not have permission to access it. (DevOps Activity ID: 09410946-865a-4d69-9b05-f1fd1d668891)).
Why are they not able to access this feed?
That is because the Project-scoped feeds inherit the visibility of the project.
So, if the user is not added to the project, they will not access the feed.
To resolve this issue, please try to add the user to the project.
As a test, I added my test user as Project Readers:
Then my test user could access the feed:

How to create user repository via GitHub App API?

A user installed my github app for his personal account (not organization). My github app has read & write administration permissions.
When I perform the request (I use go-github sdk) I get the following error:
POST https://api.github.com/user/repos: 403 Resource not accessible by integration []
There are two different endpoints for creating repositories, one for organizations and one for users. The endpoint for creating user repos is the POST method /user/repos. When I look at the official GitHub documentation on GitHub App permissions, it doesn't actually list the POST method for user/repos. So it's not clear how to create user repos via a GitHub App, if possible at all.
I got a response from GitHub support. This behaviour is expected. To create new repos under a user you have to use a user-to-server token (OAuth2 token). It can be acquired during installation if you enable the option "Request user authorization (OAuth) during installation" in your GitHub App. This way the user not only installs your GitHub App but also authorizes it.

Github API organisation access using OAuth app

I'm building a Google Spreadsheet app where Google app script will commit the generated files into a git repository. Access is using an OAuth app, client id and secret.
Committing files to repo that I own works fine, but when I try to commit and push files to a repository I created under an organisation, it seems like the repo isn't there.
Error: {"message":"Not Found","documentation_url":"https://docs.github.com/rest/reference/git#create-a-blob"}
Looking at both, the only difference between them is the URL used to access the API.
The one that works: https://api.github.com/repos/[my username]/[repo name]/git/blobs
Not working: https://api.github.com/repos/[org name]/[repo name]/git/blobs
Is there a separate API for dealing with organisation repos? I even created a public repo to test and it wouldn't work.
Found the solution.
The OAuth app access was denied as it was created with my account. Create the OAuth app with the organisation account instead.

Deploy shiny app on shinyapp.io with package in private organization repo

I'm trying to deploy a shiny app to the shinyapps.io server, but keep getting an error relating to a custom-built package that is hosted in a private github repo owned by our organization (note that I have replaced the actual name of the package, company name, and private repo name in the error below):
error: Building package: [PACKAGE NAME]
################################ Begin Task Log
################################
################################# End Task Log
#################################
Error: Unhandled Exception: Child Task 530176316 failed: Error building
image: Error fetching [PACKAGE NAME] (1.0.2) source. Error accessing GitHub
repository ORGANIZATION/PRIVATE_REPO. HTTP 404: Not Found
I know the repo link is good, because installing via devtools::install_github("ORGANIZATION/PRIVATE_REPO", auth_token = token) works.
I'm an admin for the organization page, and also made sure that token has both repo and admin:org scope.
I've also made sure to tick "Private Repository Access" in my shinyapps.io account page as stated here.
Anyone have any thoughts on what I might be doing wrong??
Thanks!
Create an .Rprofile file in the project folder that you intend to deploy.
You would need to set the repo options in the .Rprofile and add your private GitHub link. Something like:
# A sample .Rprofile file with two different package repositories.
local({
  r <- getOption("repos")
  r["CRAN"] <- "https://cran.rstudio.com/"
  r["mycompany"] <- "http://rpackages.mycompany.com/"
  options(repos = r)
})
This is well explained here. Package management in RStudio Connect.
It is necessary to enable private access to the repo in the shinyapps.io dashboard as shown here
But you also need to give the proper permissions to the organization from github -> settings -> applications
Select shinyapps from the applications list
And then grant access to the specific organization
And you are done!
rsconnect will automatically detect the source of the repo, provided it was installed with the auth_token parameter using devtools::install_github.
Just in case, I found the above answer to allow for specific corporate repositories, not installing from a private github repo. For that, this link has this to say:
Go to Account >> Profile, then under github LINK the accounts, and allow private repo access.

Github API v3 -- required permissions for managing deploy keys?

I have a Github App set up using their v3 API. I am successfully authenticating and I can create and modify repositories. I'm trying to also attach a deploy key to a newly created repository. However, I'm getting 403: Resource not accessible by integration -- this is regardless of whether I try to read or write the keys. The app is installed on the organization, and the repository is also owned by that same org.
The api documentation gives routes for managing deploy keys: https://developer.github.com/v3/repos/keys/#add-a-new-deploy-key
But the permissions list doesn't mention deploy keys at all: https://developer.github.com/v3/apps/permissions/#permission-on-administration
I have turned on Read & Write access for Repository Administration, Repository Contents, and Repository Projects in the permissions for the app, but I'm still getting this access error.
That endpoint hasn't been enabled for GitHub Apps yet -- you can only use it with OAuth tokens currently (or Basic Auth).
I recommend requesting that this be added for GitHub Apps over on the Platform forum for Apps:
https://platform.github.community/c/integrations
That's the best place to ask questions and provide feedback about GitHub Apps (GitHub staff monitors that forum and answers questions).
I can add deploy keys with "Read and write access to administration" permission. (as of Jan 17, 2023)