We are having issues with a GitHub App not being able to start builds in CircleCI. We have several repositories hooked up to build on CircleCI using restricted contexts for security purposes. We have a GitHub App, Dependabot, installed in our GitHub organization for all of these repositories. The app creates a new branch with a pull request when it detects newer versions of dependencies for our repositories.
However, when this new branch is created, it triggers a build in Circle on that branch. This is so we can verify that a dependency update passes all CI checks (e.g. tests, linting, compiling) before we merge the PR. Because the app user is not a member of any of the GitHub teams associated with the job context, the CircleCI build fails with an “Unauthorized” error.
We realize that we need this user to be associated with a team in GitHub, but as far as we can find, there is no way to add that app user to our teams. How would we go about giving a GitHub App user access to a context without giving all users access to the context? We use contexts for security purposes such as separating regular developers from those with production access (hence preventing them from seeing any production-related secrets or kicking off prod deployments in Circle); we really do not want to give up these access controls just so this app can trigger builds in Circle for those PRs.