I want to use Travis CI for personal projects, I would like to know if it is possible to prevent Travis CI to have access to an organization as a member and not an administrator.
If you have a Github account for yourself it is a personal account. That account can be a member or owner of any number of Github organizations.
If you are just trying to add Travis CI so that it has access to your personal repositories but not to the organizations you administer, you can do so easily.
When you sign in to the Travis CI website with your personal Github account for the first time, it asks you to "authorize Travis CI":
This page has an "organizations and teams" section that defaults to read-only (it can see what repositories etc your orgs have but cannot take any actions on them)
This page also has an "Organization Access" section at the bottom with a list of each Github organization you are a member of. As long as you do not click "request" or "grant" on any of those, your orgs will not yield any control to Travis CI.
Related
I am an instructor that uses Github classroom. All students in the classroom setup their repos with a specific prefix. I have a script that will retrieve my repos, find the ones that have the specific prefix and set the Notifications as I wish. All this works beautifully with one fatal flaw. The repos retrieved do not include the repos in my Github classrooms, just my personal repos.
I got this far by using my Github username and PAT as credentials for the API, but that does not seem to have the scope to find the repos in my Github classroom, even though the username for my personal Github account and my classroom appear to be the same.
How do I address the Github classroom repos specifically?
What privileges do Azure Pipelines Bot require from a GitHub user asking for a pipeline re-run? Currently, it reacts to /azp run comment of the user with the following error message:
Commenter does not have sufficient privileges for PR 9999 in repo org/repo
The whole integration works flawlessly for other users of the same repository.
According to your description, This problem seems to be that the user does not have sufficient repository permissions.
Please refer to the following steps to check:
Responses to this commands will appear in the pull request discussion only if your pipeline uses the Azure Pipelines GitHub App. Make sure your pipeline uses the Azure Pipelines GitHub App.
Repository collaborators can comment on a pull request to manually run a pipeline. Please check whether the user is collaborator. If not, please invite collaborators to a repository.
Make sure that your membership is public in the repository's organization, or directly add the user as a repository collaborator. Azure Pipelines cannot see private organization members unless they are direct collaborators or belong to a team that is a direct collaborator.
How to invite collaborators to a repository:
On GitHub, navigate to the main page of the repository.
Under your repository name, click Settings.
In the left sidebar, click Manage access, then click Invite a collaborator button.
Under "Invite a collaborator to {your repository}", start typing the collaborator's username. Select the collaborator's username from the drop-down menu.
Click Add collaborator.
Note: Only one /azp command per comment.
Reference document:
https://learn.microsoft.com/en-us/azure/devops/pipelines/repos/github?view=azure-devops&tabs=yaml#comment-triggers
Recently I removed the writing rights of a former collaborator who left our github project.
Then I noticed that in the commits page there was no more report for the continuous integration tests with AppVeyer( by clicking on the red cross or the green check).
I gave again the write permission to this former collaborator and the report for AppVeyer became visible again.
So I looked more carefully at the features related to AppVeyor and this former collaborator. I saw that:
in https://ci.appveyor.com/team at Account > Team > GitHub teams, I have not yet granted access to any GitHub teams and by clicking on CONFIGURE TEAMS I see that AppVeyor is authorized to act on behalf of this_former_collaborator GitHub account with admin:repo_hook, read:org, repo:status scope.
in https://github.com, for our organization, by editing, in Seetings > Third-party access, the AppVeyor CI application, I see "approval requested by this_former_collaborator".
What can I do to remove the write rights to our Github project from this former contributor while keeping the results of the ongoing AppVeyor CI tests on the project commits page (and don't lose the history of the tests)?
Thanks to the fast and efficient help of AppVeyor's support team I was able to fixe this problem by authorising AppVeyor as GitHub App. Everything works fine now ...
I read the documentation about the GitHub integration in AppVeyor and one thing is still not clear to me:
When I want to use GitHub teams, do I still need to invite people to be collaborators in AppVeyor?
If so, how does it work with permissions? If both GitHub teams and users/collaborators are assigned to roles, what does take precedence? Eg. user is directly assigned to an "Administrators" role and also a member of a GitHub team with a lower set of permissions. Are the two sets of permissions combined somehow?
In other words, is it possible to manage access to AppVeyor only through GitHub teams? (Without having to invite users to AppVeyor.) If not, what's the point of GitHub teams integration...?
I configured several GitHub teams from our organization (Kentico) with certain roles in AppVeyor. However, the users belonging to the GitHub teams didn't see the Kentico account in AppVeyor when they signed in with their GitHub account.
You do not have to invite GitHub team members (though you can). They should see your account in top left drop down when logged with GitHub button.
If you still invite them, GitHub team role takes over role you assigned in invitation.
Yes, you should be able just use GitHub teams. When GitHub team member login into AppVeyor with GitHub button, hidden Collaborator automatically created.
Let us troubleshoot your specific users over support ticket you created on our forum.
I tried to:
Revoke access and authorize again at https://ci.appveyor.com/account/kentico/authorizations - DIDN'T WORK
Remove and recreate the GitHub team at https://ci.appveyor.com/account/kentico/github-teams - DIDN'T WORK
Verify that both AppVeyor and AppVeyor CI are authorized OAuth apps at https://github.com/settings/applications - DIDN'T WORK
Reinstalled AppVeyor from GitHub marketplace: https://github.com/marketplace/appveyor - WORKED
I have a github account: https://github.com/remkohdev
and am a member of several github organizations
I have added all organizations to the Bluemix DevOps Third Party applications authorizations.
But I cannot change the default github organization to a different organization when I enable the Toolchain on Bluemix, so that I can create/edit the source code to the repo in a different than default Github organization?
Error:
The integration could not be set up. Check the settings and try again.
Reason: Unable to update the git integration. An error occurred while cloning the git repository. Error details: Unable to read the repository on: https://github.com/eventquarry/server.git. User is not authorized, or repository does not exist.
When you authorized with GitHub you probably did not explicitly grant access to the eventquarry organization.
To fix this, first you need to revoke your token by logging into Github.com, then click settings > Authorized applications > Revoke "IBM Bluemix Toolchains". Now go back to Bluemix, and when you click on the GitHub tool you will see an “Authorize” button. Upon clicking, you will be taken to GitHub, and here you need to click "Grant Access" next to eventquarry (and all orgs you would like to grant access to) before clicking "Authorize application".
Now you should be able to fork/clone/link with the private repositories in the eventquarry organization.
The devops git folks responded with this:
Right now, we don't support the ability to create new organization repositories through the toolchain UI. Any new repos are created under the personal account of the user. It is possible to link to existing organization repos by typing in the repo URL in the field. (Org repos won't show up in the dropdown, but the URL can be entered manually.) Note that the user needs admin privileges on the repo they're linking to in order to have a fully functioning integration though. It's possible to link to a repo without admin privileges, but we can't create a webhook on the repo, so there's no way for us to be notified of commit events. Pipelines will only run manually if the user doesn't have admin privileges on the repo.
Let me know if this is helpful...