We have someone who has submitted a PR to our project, and the build for it shows as “unauthorized”. I have no idea how to make it so it is authorized to run. Is there any feedback at all on why something is unauthorized?
The project is marked open-source, and “Build forked pull requests” is on.
Looking at your build, I see it the workflows are restricted to a context, which itself is available to
All Members; this means that anyone in your organization can access this specific context at runtime.
However, the user who created the PR doesn’t appear to be a member of your GitHub organization, hence the UNAUTHORIZED outcome.
You could try enabling the Pass Secrets to Builds From Forked Pull Requests options (under Project Settings > Advanced Settings). But please, consider the potential security implications before doing so.
Oh, so putting someone in a team (and giving them commit access to things) doesn’t count as being authorized? Because
dschlenk is in 2 different teams that give him access. They are secret though, would making them public be enough, or do I need to add these users as actual org members as well?
@RangerRick, the context used in the workflow is restricted to
All Members which means any member of the related GitHub organization.
Write permissions to a given repository don’t entail organization membership. So you would either need to add the user as a member of the OpenNMS GitHub organization or to enable the Pass Secrets to Builds From Forked Pull Requests option in the project settings.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.