Shippable / support

Shippable SaaS customers can report issues and feature requests in this repository

Joining an organization without to give up private repos #5015

Open challet opened 4 years ago

challet commented 4 years ago

Hello, I've been added to a GitHub organization which uses Shippable.

As part of your registration to access their builds, how can I authorize you to access this organization (which you probably have already) without all the rest you're asking but that is unrelated?

a-murphy commented 4 years ago

If you don't need to use (or see) any private repositories with Shippable, you can enable only public GitHub repositories. There are two choices, public repositories only and both public and private repositories. The webhook admin access is required to create webhooks when projects are enabled, and the repository access to clone private repositories when they are built.

For a GitHub organization, enabling OAuth restrictions may be an option for you: https://help.github.com/en/github/setting-up-and-managing-organizations-and-teams/enabling-oauth-app-access-restrictions-for-your-organization

Restricting OAuth apps access to the second organization would, by not granting Shippable access, not allow Shippable access to those repositories at all. We wouldn't even be able to tell that they exist.

Alternatively, you could also use another GitHub account for Shippable, only allowing it access to the repositories you choose.

challet commented 4 years ago

Hello, I don't get it, sorry. Why on earth do you need my private repos to give me access to the builds of an organization you know I'm part of through the read:org scope? This one has been granted, but a 404 remains.

By the way, after trying various scopes, I removed completely the authorization, awaiting to understand more. But the Sync process is stuck (on https://app.shippable.com/accounts/xxxxx/settings) with the previous ones and the checkbox private is not clickable anymore.

a-murphy commented 4 years ago

I'll mark this as a feature request for an alternate method of determining which projects a user can access.

Although the read:org scope would show that you belong to an organization, that alone does not mean that you have access to all the repositories in the organization. Right now, we determine which projects a user can see by the repositories to which the user has access. And a private organization repository is not listed by GitHub with only read:org.

Since it sounds like you are having trouble with sync, I've deleted the SCM integration for your account. Logging out and back in will create a new one, which should work. The "private" button should not be clickable after private scopes are enabled, so that may be why that button cannot be clicked.
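Added example, not part of the original thread and not Shippable's code: a simplified model of the rule described above, where a project is visible only if the OAuth token can list its repository. The `Repo` fields, function names and sample repositories are constructed for illustration; the scope names are GitHub's.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Repo:
    full_name: str
    private: bool
    user_has_access: bool  # the user's own GitHub permission on the repo

def parse_scopes(header: str) -> set[str]:
    """Parse a comma-separated scope list, e.g. an X-OAuth-Scopes header value."""
    return {s.strip() for s in header.split(",") if s.strip()}

def membership_visible(scopes: set[str]) -> bool:
    # read:org (or a broader org scope) reveals membership, not repositories.
    return any(s.endswith(":org") for s in scopes)

def visible_projects(repos: list[Repo], scopes: set[str]) -> list[str]:
    """Repos the token can list: public ones always, private ones only with 'repo'."""
    out = []
    for r in repos:
        if not r.user_has_access:
            continue
        if r.private and "repo" not in scopes:
            continue  # assumed model: this is where the thread's 404 comes from
        out.append(r.full_name)
    return sorted(out)

# Constructed sample data: one org ("acme") plus a personal private repo.
REPOS = [
    Repo("acme/public-site", private=False, user_has_access=True),
    Repo("acme/billing", private=True, user_has_access=True),
    Repo("acme/secrets", private=True, user_has_access=False),
    Repo("me/diary", private=True, user_has_access=True),
]

def compare() -> dict[str, list[str]]:
    """Visible projects under the narrow grant versus the broad one."""
    narrow = parse_scopes("read:org, public_repo")
    broad = parse_scopes("read:org, repo")
    return {"narrow": visible_projects(REPOS, narrow),
            "broad": visible_projects(REPOS, broad)}

if __name__ == "__main__":
    for grant, names in compare().items():
        print(grant, names)
```

The broad grant makes `acme/billing` visible but also exposes `me/diary`, which is the over-grant the reporter objects to; the OAuth app restrictions or separate account suggested earlier in the thread are ways to narrow it.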