We have someone who has submitted a PR to our project, and the build for it shows as “unauthorized”. I have no idea how to make it so it is authorized to run. Is there any feedback at all on why something is unauthorized?
The project is marked open-source, and “Build forked pull requests” is on.
Looking at your build, I see it the workflows are restricted to a context, which itself is available to All Members; this means that anyone in your organization can access this specific context at runtime.
However, the user who created the PR doesn’t appear to be a member of your GitHub organization, hence the UNAUTHORIZED outcome.
You could try enabling the Pass Secrets to Builds From Forked Pull Requests options (under Project Settings > Advanced Settings). But please, consider the potential security implications before doing so.
Oh, so putting someone in a team (and giving them commit access to things) doesn’t count as being authorized? Because dschlenk is in 2 different teams that give him access. They are secret though, would making them public be enough, or do I need to add these users as actual org members as well?
@RangerRick, the context used in the workflow is restricted to All Members which means any member of the related GitHub organization.
Write permissions to a given repository don’t entail organization membership. So you would either need to add the user as a member of the OpenNMS GitHub organization or to enable the Pass Secrets to Builds From Forked Pull Requests option in the project settings.