GitLab Omniauth restricted for select GitHub organization members - github

I have a GitLab running for my GitHub organization members to log in. I have configured GitLab to use GitHub to log in. I know that I can set GitLab to block every new user, so that I can manually unblock them as I want.
GitHub announced last year that you can now select new scopes such as read:org, which allows my GitLab to get the user's organizations. Is it possible to configure GitLab to create new users only for members of my organization? If not, I don't want to fork the code and implement it myself, but a plug-in solution would also do the trick. Any advice?
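The membership check the question describes, as an added example that is not part of the original post and is not GitLab code or a GitLab setting: it decides from a GitHub `GET /user/orgs` response whether a first-time login may get an account, and denies on anything unexpected. `ALLOWED_ORG`, the function names and the sample responses are assumptions constructed for illustration.

```python
ALLOWED_ORG = "example-org"  # hypothetical organization login

# Constructed sample of a successful /user/orgs response (headers and JSON body).
SAMPLE_HEADERS = {"X-OAuth-Scopes": "read:org, user:email"}
SAMPLE_ORGS = [{"login": "Example-Org", "id": 1}, {"login": "other", "id": 2}]


def granted_scopes(headers):
    """Parse GitHub's X-OAuth-Scopes response header into a set of scopes."""
    raw = ""
    for name, value in headers.items():
        if name.lower() == "x-oauth-scopes":  # header names are case-insensitive
            raw = value
    return {scope.strip() for scope in raw.split(",") if scope.strip()}


def may_create_account(status, headers, orgs, allowed_org=ALLOWED_ORG):
    """Return (allowed, reason) for a new user, failing closed.

    A non-200 status, a body that is not a list, or a token without an
    organization-read scope is a denial, never an implicit allow.
    """
    if status != 200 or not isinstance(orgs, list):
        return False, "organization lookup failed"
    # write:org and admin:org include read:org in GitHub's scope hierarchy.
    if not granted_scopes(headers) & {"read:org", "write:org", "admin:org"}:
        return False, "token lacks read:org"
    wanted = allowed_org.lower()  # GitHub logins compare case-insensitively
    for org in orgs:
        if isinstance(org, dict) and str(org.get("login", "")).lower() == wanted:
            return True, "member of " + allowed_org
    return False, "not a member of " + allowed_org


if __name__ == "__main__":
    print(may_create_account(200, SAMPLE_HEADERS, SAMPLE_ORGS))
    print(may_create_account(200, {"X-OAuth-Scopes": "user:email"}, SAMPLE_ORGS))
```

The decision is only as good as the token it is made with, so the check belongs on the server side of the OAuth callback, before the account is created.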

Related

Why does GitLab need full access read and write permissions when importing a GitHub repo?

I just signed up for GitLab, after learning about this cool feature where you can import your GitHub repositories and keep the two in sync. The import feature seems simple enough, but I paused when I got to the step where I authorize GitLab to my GitHub account. Why does it need so many permissions? Some make sense to me, others not so much. Specifically:
Personal user data
Full access
This application will be able to read and write all user data. This includes the following:
Private email addresses
Private profile information
Followers
I understand why it needs to read and write to all public and private repository data. It's moving all that data to GitLab, and it needs to write to keep it in sync. What I don't understand is why it needs write permissions to my email and profile information?
I know that GitLab is a reputable company that didn't just pop up yesterday, but I am still wary when giving full access permissions to any service. If someone could help me understand, that would be appreciated.
You have two options when migrating a repository from GitHub to GitLab. You can migrate using only the url, in which case what you’ll have on GitLab is more similar to what you’d get if you simply added an additional remote in the repo - the full repo will be there, but everything specific to GitHub - the pull requests, comments, issues, etc, as well as all users tagged or participating - will be lost.
Alternatively, you can use the GitHub importer. This option fully migrates the GitHub repo to GitLab, setting up the GitLab equivalents of GitHub features (pull requests become merge requests, etc.). And part of this involves assigning users to each comment, mention, PR, etc.
From the GitLab docs:
When issues and pull requests are being imported, the importer attempts to find their GitHub authors and assignees in the database of the GitLab instance. Pull requests are called merge requests in GitLab.
For this association to succeed, each GitHub author and assignee in the repository must meet one of the following conditions prior to the import:
Have previously logged in to a GitLab account using the GitHub icon.
Have a GitHub account with a public-facing email address that matches their GitLab account’s email address.
GitLab content imports that use GitHub accounts require that the GitHub public-facing email address is populated. This means all comments and contributions are properly mapped to the same user in GitLab. GitHub Enterprise does not require this field to be populated so you may have to add it on existing accounts.
So yes, these are required if you want the full GitHub mirror or migration. If you just want the git repo contents, use the import from url tool, and the requirements will be much less extensive.
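The two matching conditions quoted from the docs above can be checked before an import. This is an added example, not part of the original answer and not the importer's own code; the record fields (`github_uid`, `public_email`, and so on) and all sample data are assumptions constructed for illustration.

```python
# Constructed sample data: GitLab accounts and GitHub authors of one repository.
SAMPLE_GITLAB_USERS = [
    {"username": "alice", "email": "alice@example.com", "github_uid": "101"},
    {"username": "bob", "email": "bob@example.com", "github_uid": None},
]
SAMPLE_GITHUB_AUTHORS = [
    {"login": "alice-gh", "id": 101, "public_email": None},
    {"login": "bobby", "id": 202, "public_email": "Bob@Example.com"},
    {"login": "carol", "id": 303, "public_email": None},
    {"login": "dave", "id": 404, "public_email": "dave@example.org"},
]


def audit_import_mapping(github_authors, gitlab_users):
    """Return {github_login: (gitlab_username or None, reason)}.

    Condition 1: the author already signed in to GitLab with GitHub, modelled
    here as a stored GitHub user id on the GitLab account.
    Condition 2: the author's public GitHub email equals a GitLab account email.
    """
    by_github_id = {str(u["github_uid"]): u["username"]
                    for u in gitlab_users if u.get("github_uid")}
    by_email = {u["email"].strip().lower(): u["username"]
                for u in gitlab_users if u.get("email")}
    report = {}
    for author in github_authors:
        login = author["login"]
        linked = by_github_id.get(str(author["id"]))
        if linked:
            report[login] = (linked, "signed in to GitLab with GitHub")
            continue
        # A private or empty email cannot satisfy condition 2.
        email = (author.get("public_email") or "").strip().lower()
        if not email:
            report[login] = (None, "no public email on GitHub profile")
        elif email in by_email:
            report[login] = (by_email[email], "public email matches GitLab account")
        else:
            report[login] = (None, "public email matches no GitLab account")
    return report


if __name__ == "__main__":
    for login, result in audit_import_mapping(SAMPLE_GITHUB_AUTHORS,
                                              SAMPLE_GITLAB_USERS).items():
        print(login, result)
```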

I want to convert my GitHub account into an organisation without affecting my action runners

We have 7 repos in our GitHub account and they are currently deployed using GitHub Actions. I wanna confirm if we can convert the account into an organisation and this won't affect my services and website running right now via GitHub Actions runners.

Does a user need to be invited to AppVeyor when using GitHub integration?

I read the documentation about the GitHub integration in AppVeyor and one thing is still not clear to me:
When I want to use GitHub teams, do I still need to invite people to be collaborators in AppVeyor?
If so, how does it work with permissions? If both GitHub teams and users/collaborators are assigned to roles, what does take precedence? Eg. user is directly assigned to an "Administrators" role and also a member of a GitHub team with a lower set of permissions. Are the two sets of permissions combined somehow?
In other words, is it possible to manage access to AppVeyor only through GitHub teams? (Without having to invite users to AppVeyor.) If not, what's the point of GitHub teams integration...?
I configured several GitHub teams from our organization (Kentico) with certain roles in AppVeyor. However, the users belonging to the GitHub teams didn't see the Kentico account in AppVeyor when they signed in with their GitHub account.
You do not have to invite GitHub team members (though you can). They should see your account in the top left drop-down when logged in with the GitHub button.
If you still invite them, the GitHub team role takes over the role you assigned in the invitation.
Yes, you should be able to just use GitHub teams. When a GitHub team member logs into AppVeyor with the GitHub button, a hidden Collaborator is automatically created.
Let us troubleshoot your specific users over the support ticket you created on our forum.
I tried to:
Revoke access and authorize again at https://ci.appveyor.com/account/kentico/authorizations - DIDN'T WORK
Remove and recreate the GitHub team at https://ci.appveyor.com/account/kentico/github-teams - DIDN'T WORK
Verify that both AppVeyor and AppVeyor CI are authorized OAuth apps at https://github.com/settings/applications - DIDN'T WORK
Reinstalled AppVeyor from GitHub marketplace: https://github.com/marketplace/appveyor - WORKED

I cannot link toolchain to different github organization

I have a github account: https://github.com/remkohdev
and am a member of several github organizations
I have added all organizations to the Bluemix DevOps Third Party applications authorizations.
But I cannot change the default github organization to a different organization when I enable the Toolchain on Bluemix, so that I can create/edit the source code to the repo in a different than default Github organization?
Error:
The integration could not be set up. Check the settings and try again.
Reason: Unable to update the git integration. An error occurred while cloning the git repository. Error details: Unable to read the repository on: https://github.com/eventquarry/server.git. User is not authorized, or repository does not exist.
When you authorized with GitHub you probably did not explicitly grant access to the eventquarry organization.
To fix this, first you need to revoke your token by logging into Github.com, then click settings > Authorized applications > Revoke "IBM Bluemix Toolchains". Now go back to Bluemix, and when you click on the GitHub tool you will see an “Authorize” button. Upon clicking, you will be taken to GitHub, and here you need to click "Grant Access" next to eventquarry (and all orgs you would like to grant access to) before clicking "Authorize application".
Now you should be able to fork/clone/link with the private repositories in the eventquarry organization.
The devops git folks responded with this:
Right now, we don't support the ability to create new organization repositories through the toolchain UI. Any new repos are created under the personal account of the user. It is possible to link to existing organization repos by typing in the repo URL in the field. (Org repos won't show up in the dropdown, but the URL can be entered manually.) Note that the user needs admin privileges on the repo they're linking to in order to have a fully functioning integration though. It's possible to link to a repo without admin privileges, but we can't create a webhook on the repo, so there's no way for us to be notified of commit events. Pipelines will only run manually if the user doesn't have admin privileges on the repo.
Let me know if this is helpful...

GitHub Organization Repo + Jenkins (GitHub Plugin) integration

I have an organization on GitHub with private repositories. I also have Jenkins set up running on port 8080 on a server, with the GitHub plugin installed. I've created an account on GitHub for my jenkins user, which resides in the owners group.
I'm trying to trigger a job on jenkins when a change is pushed to my development branch (or master branch, neither seem to be working).
When I look at the GitHub Hook Logs in Jenkins, it says that Polling has not run yet. When I go to "Manage Jenkins", the GitHub plugin says my account is Verified when I test it.
Any insight on how to configure this? I have multiple repositories I'd like to work with, so deploy keys don't seem like the solution to me.
Update:
As Craig Ringer mentions in his answer, you can select Grant READ permissions for /github-webhook in "Configure Jenkins" under the GitHub plugin settings, allowing the webhook to be called without authentication.
Another update: Webhooks are now (Dec. 2014) available for organization: see WebHooks API for orgs.
Note: the issue 4 of the hudson-github-plugin was about:
Last GitHub Push
Polling has not run yet.
And the conclusion was:
Nevermind, the only missing piece was a permission checkbox for the github user which ain't documented anywhere on the internet.
So is this a permission issue regarding your Jenkins users?
The article "Set up Jenkins-CI on Ubuntu for painless Rails3 app CI testing" includes the following process:
To restrict the CI system and give access to your Team members to use or see the build logs, first you’ve to create an account.
Go to Manage Jenkins > Configure System,
Check the Enable Security checkbox
Under Security Realm, choose Jenkins's own user database
Check the Allow users to sign up checkbox
Under Authorization, choose Project-based Matrix Authorization Strategy
Add first user with the name admin and another with GitHub (Note: the username for Admin access has to be admin) For GitHub named user, just choose the Overall Read only permission. We’ll use this user later with the GitHub hook.
Note: The admin and GitHub user that we’ve added in the above step does not create the User. Then you’ve to create a real user with that same name. Ya, I know, it's a bit weird with Jenkins UI.
Go to Manage Jenkins > Manage Users > Create User. Create both admin and GitHub users.
Hooking with the Github web-hooks
Now to run the build automagically when new commit or branch gets pushed onto Github, we have to setup the repository.
Go to the hooks page for your repository. e.g.
github.com/<username>/<project_name>/admin/hooks
Under AVAILABLE SERVICE HOOKS > Post-Receive URLs, add github:github@your-ci-server.com/github-webhook/.
The github:github is the user that we’d created earlier.
Then we have to verify Jenkins with Github. Go to Manage Jenkins > Configure System and under GitHub Web Hook, add your Github username and password and click the Test Credential button to authorize once with Github.
It looks like the accepted answer is no longer necessary with the current version of the GitHub plugin. You can instead check Grant READ permissions for /github-webhook in "Configure Jenkins" under the GitHub plugin settings, allowing the webhook to be called without authentication.
As explained in the help on this option that's quite safe, and frankly no worse than having a user named "github" with password "github" anyway.
There are two ways to achieve automatic builds on Jenkins. What you choose depends on whether GitHub can call the Jenkins server URL you provide. This may not be the case if you are running Jenkins behind a firewall.
If GitHub can reach that URL you can set up the service hook on your repo there.
If not you can set up Jenkins to poll periodically.
You may set up both, but one solution is enough to get it working. I would always go for the first if feasible, as it saves resources, CPU- and traffic-wise.
Either way you need the GitHub plugin for Jenkins.
Hope that helps a bit.