Closed travis-infosec closed 1 week ago
In repo B, I have this in the develop branch in .github/access_token.yml (I kept widening the policy to try and get it to work, so this is not a permanent config)
the access policy file needs to be named access-token.yaml
instead of access_token.yml
I think that this is checking for a .github/access-token.yml in the main branch, and not finding it, and then falling back to the fact we don't have an owner policy repo set up, because none of your several StackOverflow comments mention having to set up an owner policy. Can you please confirm?
Since the latest version you need to have an owner policy repo (OWNER/.github-access-token)
I have updated and cleaned-up the README and tried to explicitly added the owner policy setup in the prerequisites section.
And I probably should add support for .yaml
and .yml
policy file endings. WDYT?
What is the more common naming .yaml
or .yml
in you opinion?
Latest server supports .yaml
and .yml
file endings (ensure you grant latest permission changes to your app installation)
@travis-infosec how is it going?
Hello,
I'm attempting to use your system for pulling two private repos that are dependencies of the current one. I should be able to do this as my specialty is cryptology & security, but am having trouble with your documentation.
Assume repo A that has dependencies of repo B and C. Assume that I'm making all my changes in development branches.
In repo B, I have this in the develop branch in .github/access_token.yml (I kept widening the policy to try and get it to work, so this is not a permanent config)
And in repo C, I have this in develop branch:
In repo A, I had something like this:
However, I was getting the error that the action was denied by (ORG_HERE) owner policy.
There's not a lot more debug info in the stack trace - it was in merge... process ticks ... http request ... get access token. If you really need it I'll repro and scrub any company-specific info out of it.
I think that this is checking for a
.github/access-token.yml
in the main branch, and not finding it, and then falling back to the fact we don't have an owner policy repo set up, because none of your several StackOverflow comments mention having to set up an owner policy. Can you please confirm?It's not clear at all what the owner policy is... so I'm a bit baffled - but your tool seems very useful!