Comments (14)
Thanks for the reply, and good there is support for this.
The kink we see is that members are constantly shown as being removed from the organisation repos where they don't have a formal, defined role, but where they have a base role of "read".
In the example below, marceldumontgh is an outside collaborator, while globaltopmedia is an organisation (and enterprise) user. (The organisation name is fake.)
```
Processing automated repository "example-sandbox/poc-external-access"...
- Skipping invitee "marceldumontgh" with permissions "write"
- Removing collaborator "globaltopmedia"
...done with "example-sandbox/poc-external-access"✔
```
from outside-collaborators.
I have joined successfully
from outside-collaborators.
Required the following fine-grained permissions to get it to work correctly:
Repository permissions:
- Read access to metadata
- Read and Write access to administration
Organization permissions:
- Read access to members
from outside-collaborators.
Thanks for reaching out!
Although the tool is intended for managing outside collaborators it also affects Members.
If manually added members are not declared within the repo's files, they are being removed as users from the repo.
There are actually safeguards already in place to skip organization members.
See for example:
outside-collaborators/scripts/outside-collaborators-handler.rb
Lines 74 to 77 in fc556ce
We essentially check whether a user is a member of the org by relying on org_member?().
Also, we manage several repos with this automation where we have outside collaborators and organization members at the same time without any known problems.
Did you encounter any kinks while using the automation?
from outside-collaborators.
Closing.
Feel free to open it up again if required.
from outside-collaborators.
> The kink we see is that members are constantly shown as being removed from the organisation repos where they don't have a formal, defined role, but where they have a base role of "read"
That's actually quite strange as we also rely on the same base role "read" for org members.
Just for clarification, in the example you provided above, globaltopmedia is an org user who has been manually added up to example-sandbox/poc-external-access with which permission?
I might create some quick snippets to hand you out for debugging, if you're interested.
from outside-collaborators.
globaltopmedia is an org user which has not been added manually or is present in any yaml file related to the repo.
Here is a more elaborate example:
- Changed the role of marceldumontgh in "example-sandbox/poc-acquiacms-wiki" from "read" to "write".
No changes were made for the repo "example-sandbox/poc-external-access" nor was globaltopmedia mentioned anywhere in any yaml file.
Contents of the relevant yml files:
repos/poc-external-access.yml
```yaml
poc-external-access:
  marceldumontgh:
    type: "user"
    permissions: "write"
```
repos/poc-acquiacms-wiki.yml
```yaml
poc-acquiacms-wiki:
  marceldumontgh:
    type: "user"
    permissions: "write"
```
```
Processing automated repository "example-sandbox/poc-acquiacms-wiki"...
- Removing invitee "marceldumontgh"
- Inviting collaborator "marceldumontgh" with permissions "write"
- Removing collaborator "globaltopmedia"
...done with "example-sandbox/poc-acquiacms-wiki"✔
Processing automated repository "example-sandbox/poc-external-access"...
- Skipping invitee "marceldumontgh" with permissions "write"
- Removing collaborator "globaltopmedia"
...done with "example-sandbox/poc-external-access"✔
```
from outside-collaborators.
> globaltopmedia is an org user which has not been added manually or is present in any yaml file related to the repo.
Sounds somehow unexpected to me.
I've created an ad-hoc org for this and invited you to join: https://github.com/outside-collaborators-playground.
This way, we can design a shared use case that better fits yours for debugging purposes.
from outside-collaborators.
Tell me once you'll have joined, if you like to do so, so that I can grant you write access to the repos.
from outside-collaborators.
I've granted you write access to the dashboard repo and admin access to the test-repo.
from outside-collaborators.
It turned out that setting up a fine-grained PAT is not as simple as dealing with the classic one with repo scopes.
Warning
A fine-grained PAT not equipped with the necessary permissions makes org_member?() fail to recognize an actual org member without printing any warning/error message.
from outside-collaborators.
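The warning above describes a silent failure: with an under-permissioned fine-grained PAT, org_member?() reports real members as non-members, so they end up on the removal list. One way to fail closed before any removal, as an added example that is not the project's own code; the canary login, `plan_removals`, `FakeClient` and the sample logins `org-admin` and `stale-user` are assumptions made for illustration:

```ruby
# Added example: fail-closed guard around the org-membership check.
# `client` is any object answering org_member?(org, login), as Octokit::Client does.
class MembershipUnreadable < StandardError; end

# Abort unless the token recognises a login that is KNOWN to be an org member
# (the "canary", e.g. the admin who issued the PAT). A false answer here means
# the token cannot read membership, not that the canary left the org.
def assert_membership_visible!(client, org, canary_login)
  return if client.org_member?(org, canary_login)

  raise MembershipUnreadable,
        "token cannot confirm #{canary_login} as a member of #{org}; " \
        'check that the PAT has organization "members: read"'
end

# Classify the current collaborators of one repo.
# declared: logins listed in the repo's YAML file.
def plan_removals(client, org, collaborators, declared, canary_login)
  assert_membership_visible!(client, org, canary_login)
  plan = { keep: [], skip_member: [], remove: [] }
  collaborators.each do |login|
    if declared.include?(login)
      plan[:keep] << login
    elsif client.org_member?(org, login)
      plan[:skip_member] << login   # org members are never removed
    else
      plan[:remove] << login
    end
  end
  plan
end

# Constructed stand-in for an API client; `visible` is what the token can see.
FakeClient = Struct.new(:visible) do
  def org_member?(_org, login)
    visible.include?(login)
  end
end

# Constructed sample data mirroring the thread's scenario.
collaborators = %w[marceldumontgh globaltopmedia stale-user]
declared = %w[marceldumontgh]
ok_token = FakeClient.new(%w[org-admin globaltopmedia])
p plan_removals(ok_token, 'example-sandbox', collaborators, declared, 'org-admin')
```

With a token that sees no members at all, the same call raises `MembershipUnreadable` instead of listing globaltopmedia for removal.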
README made clearer in this respect: see 82bbb96.
from outside-collaborators.
Fantastic! Thank you @globaltopmedia for the feedback.
I'll update the main README.
from outside-collaborators.
Done via 75bc589.
Thanks again @globaltopmedia!
from outside-collaborators.