Is it possible to limit who can create repositories in a GitHub organization? From this article: https://help.github.com/en/enterprise/2.14/user/articles/restricting-repository-creation-in-your-organization it seems like the options are basically owners or everyone. Is there a middle ground?
Making someone a GitHub owner is a serious permission, so we really don't want to give that out just so that someone can make a repo. On the other hand, giving everyone in the organization (contractors, non-technical, read-only roles) the permission to make repos seems too broad.
Has anyone come up with a better solution for this?
One workaround would be to set up a webhook.
That means having a listener for a repository event, which does include the owner. If said owner is not part of an admin list, the listener could:
send back an email to the owner of the newly created repository, explaining that creation has been denied
delete the repository (through the GitHub API)
Related
Is there a way for me to invite a contributor, allow him to fork from my project and submit a Pull Request, without being able to commit and push directly into the repository?
I am new to this, I'm doing some testing and it seems that it should be an easy way to accomplish this, but I cannot find it. I have two accounts and it seems that I can just delete and modify anything in the repository, from the collaborator (guest) account, with no restrictions and moderation from the owner account.
I've transferred ownership of one of my GitHub repositories (rdmuller/docToolchain) to an organisation (docToolchain/docToolchain).
So far, so good. All old URLs are redirected to the new location. Perfect.
But how do I now fork this repository? I fear that, if I fork it, a fork with the name of the old repository (rdmueller/docToolchain) will be created and the redirect will be broken this way...
How can I avoid this?
So, I guess I found a workaround.
Suppose you have a repository
user1/repo1
You now want to transfer ownership to org1 and create a fork of it in your account user1.
The problem is that, if you create this fork directly, there will again be a repo called user1/repo1, and GitHub is not able to redirect URLs from the old repository to org1/repo1.
Solution:
transfer ownership from user1/repo1 to org1/repo1
create a temporary organisation org2
fork org1/repo1 to org2/repo1
rename org2/repo1 to something like org2/repo1-fork
transfer ownership from org2/repo1-fork to user1/repo1-fork
This seems to do the trick.
Since May 2020, Ben Balter (Senior Product Manager working on Community and Safety at #GitHub) mentions in his tweet:
We're beta testing a new GitHub feature that allows you to invite someone to manage your open source projects in the event that you are unable to do so yourself.
If you'd like early access, reply or DM with your GitHub handle and I can add you.
See "Maintaining ownership continuity of your user account's repositories"
You can invite someone to manage your user owned repositories if you are not able to.
We recommend inviting another GitHub user to be your successor, to manage your user owned repositories if you cannot. As a successor, they will have permission to:
Archive your public repositories.
Transfer your public repositories to their own user owned account.
Transfer your public repositories to an organization where they can create repositories.
Say I make an organization, and set someone else to owner. Will they be able to remove me from that organization? Or are there special elevated perms for the "original" owner?
I'm not sure if StackOverflow is even the right place for this question, but I haven't been able to find anything about this online.
Yes, once you make a user an owner of your organization, that user gets all the same permissions as you. So that user can remove you from the organization.
GitHub can't recognize you as the original owner. There are only two possible roles, OWNER and MEMBER.
Depends what you want to do. If you want them to be able to add/remove other members without giving over full organisation access, you can try to add a team, add the repositories you want to that team with write access, then make the user a "maintainer" of the team, which should allow them to add/remove users and therefore manage write access to particular repositories.
https://help.github.com/en/github/setting-up-and-managing-organizations-and-teams/permission-levels-for-an-organization
We have quite a few repositories in our organization, and we are constantly adding more. We also have a few different teams - Superusers, Developers, Contractors, etc. I want every newly created repository to automatically assume default permissions, like Superusers get automatic admin access to the repo, Contractors group gets just read access, etc. Is it possible to set that up? Is there a setting somewhere that I missed? And if there's not a way to do that, is there a way to batch apply a permission for one group to all repos within an account?
Update June 2017: with nested teams, you can now associate permissions with sub-teams, which could help groups of users have the correct rights on a repo that is part of the organization.
Original answer (Apr. 2016)
Is it possible to set that up?
I did not see a way through the native GitHub web GUI administration pages.
And "permission" is deprecated when creating a team.
What you could consider though is a webhook listening for an event, like a repository event.
That script listening to the event could then use the Team API to update the permission of the teams (according to their names) for the newly created repo.
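The webhook listener described in this answer, and in the repository-creation answer near the top of the page, as an added example (not code from either answer). It verifies the delivery signature, then plans the REST calls instead of sending them; the allow list, team slugs, secret and organization name are hypothetical.

```python
import hashlib
import hmac
import json

# Assumed policy (hypothetical names): who may create repos, default team access.
ALLOWED_CREATORS = {"alice-admin"}
DEFAULT_TEAMS = {"superusers": "admin", "developers": "push", "contractors": "pull"}


def signature_ok(secret: bytes, body: bytes, header: str) -> bool:
    """Check GitHub's X-Hub-Signature-256 header (HMAC-SHA256 of the raw body)."""
    expected = "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), (header or "").encode())


def plan_actions(headers: dict, body: bytes, secret: bytes) -> list:
    """Return the REST calls to make as (method, path, json_body) tuples."""
    if not signature_ok(secret, body, headers.get("X-Hub-Signature-256", "")):
        raise PermissionError("bad webhook signature")
    if headers.get("X-GitHub-Event") != "repository":
        return []
    event = json.loads(body)
    if event.get("action") != "created":
        return []
    org = event["organization"]["login"]
    repo = event["repository"]["name"]
    creator = event["sender"]["login"]  # account that triggered the event
    if creator not in ALLOWED_CREATORS:
        # First workaround: delete the repository (notify the creator separately).
        return [("DELETE", f"/repos/{org}/{repo}", None)]
    # Second workaround: give each default team its permission on the new repo.
    return [("PUT", f"/orgs/{org}/teams/{slug}/repos/{org}/{repo}",
             {"permission": perm}) for slug, perm in DEFAULT_TEAMS.items()]


def sample_delivery(creator: str, secret: bytes):
    """Build a constructed delivery (headers, body) for offline testing."""
    body = json.dumps({"action": "created",
                       "repository": {"name": "demo"},
                       "organization": {"login": "example-org"},
                       "sender": {"login": creator}}).encode()
    sig = "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    return {"X-GitHub-Event": "repository", "X-Hub-Signature-256": sig}, body


if __name__ == "__main__":
    for who in ("alice-admin", "contractor-bob"):
        print(who, plan_actions(*sample_delivery(who, b"s3cret"), b"s3cret"))
```

Rejecting deliveries whose signature does not match matters here because the handler can delete repositories; an unauthenticated endpoint would let anyone trigger that.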
Is there a way to know which people have merge privileges on a public GitHub repository. If the owner is a user and not an organization, then at least I know one maintainer, but it's possible that there are other users with merge rights. Also, if the owner is an organization it is possible, that not all members of the organization have merge rights. So is there a way to find the exact maintainers?
Team privileges are not public in general. Even organization membership is not public, since the visibility must be chosen by the given member, as the documentation states:
"By default, your organization membership visibility is set to private. You can choose to publicize individual organization memberships on your profile."
This partly applies for their implementation of CODEOWNERS, too. If it is up to date the given source file is annotated with a link to its responsible GitHub user.
However, there's normally no need to know the individual maintainers of a repository (since every interaction with repos you're able to access is covered by the GitHub UI, which also ensures that somebody takes care of your request). If your attention is about a public repository, you might search the commits for accepted pull requests. But in that case you would preferably fork the repo and just generate pull requests on your own.
You are not even able to contact an organization via GitHub. Try to find their official website, contact them and ask for their maintainers if you need that information.
GitHub (since July 2017) now officially supports "code owners" for projects. Code owners are individuals or teams that are responsible for code in a repository.
Project maintainers can add a CODEOWNERS file to their repository to make it easier for others to identify code owners and have code owners be notified to review Issues and Pull Requests.
See the announcement post and help article for more info.
Just go to the team members tab within your repo, on the right it will describe what type of member they are. Ex: member or owner.