Is there a way using the VSTS rest API to set permissions on a git repo?
I've got a script that creates a repo, and I want to extend that to set some default permissions (give the project collection build service contribute permissions).
I've read the gui docs and looked through the Rest API docs but can't see that I can set permissions on a repo through the API. Is it possible?
For now, REST API can not set version control permissions (including git repo).
I posted an user voice Set version control permissions by REST API for this feature, you can vote and follow up.
Related
I found the Has Permissions API (https://learn.microsoft.com/en-us/rest/api/azure/devops/security/permissions/has-permissions?view=azure-devops-rest-6.0) and the Create Permissions Report API (https://learn.microsoft.com/en-us/rest/api/azure/devops/permissionsreport/permissions-report/create?view=azure-devops-rest-6.0), but these two do not fit the requirements.
I was wondering if there is an API that can get all the Repos under a project that a user has edit permission to?
The two API you mentioned are normally used to manger the user's global permissions that will affect in all the projects in the organization.
As far as I know, currently, we have no available API or CLI can list all the repositories in a project that an user has the edit permission or other specified permissions.
We are hosting some repository on GitHub, some other on GitLab.
Sometimes, the package is published but not the source code.
We always display build status and code coverage in README.md.
Is there a way to have build and coverage badge on GitLab always accessible to anonymous?
Since release 11.4.8 of Gitlab it's not possible to expose project's Badges through a Personnal Access Token anymore. Because of the change "
Restrict Personal Access Tokens to API scope on web requests."
The commit that removed this "workaround" was published as a security fix
An ongoing issue is currently being discussed to find another solution. Let's see how it goes.
That was followed by issue 13324
It includes:
FYI, I have a workaround for this using the GitLab API.
It assumes you have created a token in GitLab for a user (Note: That "user" needn't necessarily be Human - my use case is to display a badge on a dashboard hosted on a different VM).
<img src="https://<gitlab-uri>/<namespace>/<project>/badges/<branch>/build.svg?private_token=<token>
Update Dec. 2018: This is no loger possible through a token (see Paul B.'s answer).
This is because of "Improper Enforcement of Token Scope":
The GitLab web interface was vulnerable to an authorization issue that allowed access to the web-UI as a user using their Personal Access Token (PAT) of any scope.
The issue is now mitigated in the latest release and is assigned CVE-2018-19569.
But...:
Updated: 2018-11-28: We have received reports that this change has impacted how repo files and job artifacts are downloaded for some users.
For instructions on how to do so through the API, please see our support issue.
And you also have a current workaround which repeats the API access:
It is possible to add the project avatar to the project repository with a particular filename (logo) and then this file will be used for the avatar. There is an example here:
https://gitlab.com/issue-reproduce/project-avatar-repo
You'll be able to retrieve the files through the Repository Files API:
https://docs.gitlab.com/ee/api/repository_files.html#get-file-from-repository
Example:
https://gitlab.com/api/v4/projects/issue-reproduce%2Fproject-avatar-repo/repository/files/logo.png?ref=master
I have a Github App set up using their v3 API. I am successfully authenticating and I can create and modify repositories. I'm trying to also attach a deploy key to a newly created repository. However, I'm getting 403: Resource not accessible by integration -- this is regardless of whether I try to read or write the keys. The app is installed on the organization, and the repository is also owned by that same org.
The api documentation gives routes for managing deploy keys: https://developer.github.com/v3/repos/keys/#add-a-new-deploy-key
But the permissions list doesn't mention deploy keys at all: https://developer.github.com/v3/apps/permissions/#permission-on-administration
I have turned on Read & Write access for Repository Administration, Repository Contents, and Repository Projects in the permissions for the app, but I'm still getting this access error.
That endpoint hasn't been enabled for GitHub Apps yet -- you can only use it with OAuth tokens currently (or Basic Auth).
I recommend requesting that this be added for GitHub Apps over on the Platform forum for Apps:
https://platform.github.community/c/integrations
That's the best place to ask questions and provide feedback about GitHub Apps (GitHub staff monitors that forum and answers questions).
I can add deploy keys with "Read and write access to administration" permission. (as of Jan 17, 2023)
Is there any gerrit REST API or any other way through which we can change the access levels through a script... i did notice that gerrit has the API's to retrive and update other details..but have not found any wrt access levels..
Pls advice.
You can use Git to manage the project config through the refs/meta/config refspec.
There are REST APIs atm. only for reading access settings.
I have an organization on GitHub with private repositories. I also have Jenkins set up running on port 8080 on a server, with the GitHub plugin installed. I've created an account on GitHub for my jenkins user, which resides in the owners group.
I'm trying to trigger a job on jenkins when a change is pushed to my development branch (or master branch, neither seem to be working).
When I look at the GitHub Hook Logs in Jenkins, it says that Polling has not run yet. When I go to "Manage Jenkins", the GitHub plugin says my account is Verified when I test it.
Any insight on how to configure this? I have multiple repositories I'd like to work with, so deploy keys don't seem like the solution to me.
Update:
As Craig Ringer mentions in his answer, you can select Grant READ permissions for /github-webhook in "Configure Jenkins" under the GitHub plugin settings, allowing the webhook to be called without authentication.
Another update: Webhooks are now (Dec. 2014) available for organization: see WebHooks API for orgs.
Note: the issue 4 of the hudson-github-plugin was about:
Last GitHub Push
Polling has not run yet.
And the conclusion was:
Nevermind, the only missing piece was a permission checkbox for the github user which ain't documented anywhere on the internet.
So is this a permission issue regarding your Jenkins users?
The article "Set up Jenkins-CI on Ubuntu for painless Rails3 app CI testing" includes the following process:
To restrict the CI system and give access to your Team members to use or see the build logs, first you’ve to create an account.
Go to Manage Jenkins > Configure System,
Check the Enable Security checkbox
Under Security Realm, choose Jenkins's own user database
Check the Allow users to sign up checkbox
Under Authorization, choose Project-based Matrix Authorization Strategy
Add first user with the name admin and another with GitHub (Note: the username for Admin access has to be admin) For GitHub named user, just choose the Overall Read only permission. We’ll use this user later with the GitHub hook.
Note: The admin and GitHub user that we’ve added in the above step does not create the User. Then you’ve to create a real user with that same name. Ya, I know, its a bit weird with Jenkins UI.
Go to Manage Jenkins > Manage Users > Create User. Create both admin and GitHub users.
Hooking with the Github web-hooks
Now to run the build automagically when new commit or branch gets pushed onto Github, we have to setup the repository.
Got to the hooks page for your repository. e.g.
github.com/<username>/<project_name>/admin/hooks
Under AVAILABLE SERVICE HOOKS > Post-Receive URLs, add github:github#your-ci-server.com/github-webhook/.
The github:github is the user that we’d created earlier.
Then we have to verify Jenkins with Github. Go to Manage Jenkins > Configure System and under GitHub Web Hook, add your Github username and password and click the Test Credential button to authorize once with Github.
It looks like the accepted answer is no longer necessary with the current version of the GitHub plugin. You can instead check Grant READ permissions for /github-webhook in "Configure Jenkins" under the GitHub plugin settings, allowing the webhook to be called without authentication.
As explained in the help on this option that's quite safe, and frankly no worse than having a user named "github" with password "github" anyway.
There are two ways to achieve automatic builds on Jenkins. What you choose depends on whether GitHub can call the Jenkins server URL you provide. This may not be the case if you are running Jenkins behind a firewall.
If GitHub can reach that URL you can set up the service hook on your repo there.
If not you can set up Jenkins to poll periodically.
You may set up both, but one solution is enough to get it working. I would always go for the first if feasible as it saves resources CPU and traffic wise.
Either way you need the GitHub plugin for Jenkins.
Hope that helps a bit.