How do I know _why_ a build is unauthorized?

We have someone who has submitted a PR to our project, and the build for it shows as “unauthorized”. I have no idea how to make it so it is authorized to run. Is there any feedback at all on why something is unauthorized?

The project is marked open-source, and “Build forked pull requests” is on.

:wave: Hi @RangerRick,

Looking at your build, I see it the workflows are restricted to a context, which itself is available to All Members; this means that anyone in your organization can access this specific context at runtime.

However, the user who created the PR doesn’t appear to be a member of your GitHub organization, hence the UNAUTHORIZED outcome.

You could try enabling the Pass Secrets to Builds From Forked Pull Requests options (under Project Settings > Advanced Settings). But please, consider the potential security implications before doing so.

Oh, so putting someone in a team (and giving them commit access to things) doesn’t count as being authorized? Because dschlenk is in 2 different teams that give him access. They are secret though, would making them public be enough, or do I need to add these users as actual org members as well?

@RangerRick, the context used in the workflow is restricted to All Members which means any member of the related GitHub organization.

Write permissions to a given repository don’t entail organization membership. So you would either need to add the user as a member of the OpenNMS GitHub organization or to enable the Pass Secrets to Builds From Forked Pull Requests option in the project settings.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.