Bug Report: GitHub admins do not have access to Codecov admin settings

[thazhemadam]

The GitHub admins of the SciML organisation are unable to access the admin settings in the Codecov panel. This is a very serious and critical issue in need of immediate attention and remediation, since repositories that use Codecov v5 across the organization now have CI failing on forks from PRs because tokenless uploads cannot be enabled.

Moreover, there are members who are admins on the GitHub organization, who do not have "Admin" access on codecov and have only "Developer" access.

Please advise on how this issue can be troubleshooted and access to the admin settings can be regained.

Expected behavior

GitHub admins should have access to Codecov admin settings.

Screenshots

This is all the GitHub admins can see on the admin settings page.

[rohan-at-sentry]

@thazhemadam - taking a look now

[rohan-at-sentry]

@thazhemadam can you confirm if you are an admin? If you prefer you can write in with additional details at https://about.codecov.io/contact/ so we can check in to see if there's issues with user permisisons on our end.

[thazhemadam]

@rohan-at-sentry yes, I can confirm that I'm an admin. I've written a mail to support as well; although I wasn't provided a ticket/reference number I can share for your reference.

[drazisil-codecov]

Hi @thazhemadam . Your ticket is 138451, but I'm taking a look now.

[drazisil-codecov]

Hi, @thazhemadam

Per request B015:2EE0:45F7C:8A96B:6740965B, made as thazhemadam, to /orgs/SciML/memberships/thazhemadam at 2024-11-22T14:34:04.042000 UTC, GitHub said the user is not a member, with the exact wording of {"message":"You must be a member of SciML to see membership information for thazhemadam.","documentation_url":"https://docs.github.com/rest/orgs/members#get-organization-membership-for-a-user","status":"403"}

@avik-pal gets the same issue.

@devmotion appears to be the only one that GitHub believes is an admin.

Is there anything different about how your access is granted on GitHub vs. @devmotion 's? Once we figure that out, we can figure out how to fix it on Codecov.

[thazhemadam]

Is there anything different about how your access is granted on GitHub vs. @devmotion 's? Once we figure that out, we can figure out how to fix it on Codecov.

No, there isn't. If there is anything in specific that you would like me to check, please let me know.

The folks you have listed above are the GitHub organization owners who are currently listed as admins on Codecov. Please note that there are additional GitHub organization owners, like @ChrisRackauckas, who have only "Developer" access on Codecov, but should have "Admin" access by default (assuming Codecov just adopts GitHub's organization ACLs).

[drazisil-codecov]

I'm sure I'll have other ideas once my brain starts running fully, but for now:

• Are you all listed as Owner on https://github.com/orgs/SciML/people ? (Assuming I crafted the URL correctly)
• Are you all granted Admin though the same team?

[thazhemadam]

Are you all listed as Owner on github.com/orgs/SciML/people ? (Assuming I crafted the URL correctly)

Yes, we're all listed as Owner.

Are you all granted Admin though the same team?

Does "team" here refer to a GitHub team? If so, not exactly, no. We belong to different internal org teams, but there are overlaps.

[drazisil-codecov]

@thazhemadam I don't know then. Can you take request id B015:2EE0:45F7C:8A96B:6740965B to GitHub support and ask why they said you aren’t a member? :-/

[thazhemadam]

@drazisil-codecov would it be possible for you to provide me more context on which specific type of request B015:2EE0:45F7C:8A96B:6740965B corresponds to?

Using the GitHub API^1 and running

gh api \
  -H "Accept: application/vnd.github+json" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  /orgs/SciML/memberships/thazhemadam | jq .state

returns "active" for me.

[drazisil-codecov]

@thazhemadam https://github.com/codecov/feedback/issues/586#issuecomment-2493972644 has all the details I have. I wonder if the OAuth token we used to make the API call (as you) was somehow expired 🤔