Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check if user has write permissions in a repo for deploy: releases #590

Closed
iriberri opened this issue Feb 21, 2017 · 1 comment
Closed

Comments

@iriberri
Copy link
Contributor

We've had some reports for deploy: releases receiving 404 errors from GitHub:

/home/travis/.rvm/gems/ruby-2.2.5/gems/octokit-4.6.2/lib/octokit/response/raise_error.rb:16:
in `on_complete': 
POST https://api.github.com/repos/ORG_NAME/REPO_NAME/releases:
404 - Not Found // See: https://developer.github.com/v3 (Octokit::NotFound)

After taking a look at the code, it seems that dpl is looking if the repo and public-repo scopes are set up for the token:

unless api.scopes.include? 'public_repo' or api.scopes.include? 'repo'
raise Error, "Dpl does not have permission to upload assets. Make sure your token contains the repo or public_repo scope."
end

However, even though these scopes are correctly set up for a user token, it is possible that the user itself does not have write permissions to the repository (creating a new release requires these permissions), but just read permissions.

It seems that ability to get the permission level for a given user on a given repository was added to the API recently, and it was added to octokit here: https://github.com/octokit/octokit.rb/blob/7c2d36f52ffea5b4f52e25bfa27d7b6c8e514975/lib/octokit/client/repositories.rb#L360.

Do you think it would it be possible/make sense to add an extra check for this for the releases provider?

Thank you!

@iriberri iriberri changed the title Check write permissions to repo for deploy: releases Check if user has write permissions in a repo for deploy: releases Feb 21, 2017
@stale
Copy link

stale bot commented Apr 12, 2018

Thanks for contributing to this issue. As it has been 90 days since the last activity, we are automatically closing the issue. This is often because the request was already solved in some way and it just wasn't updated or it's no longer applicable. If that's not the case, please do feel free to either reopen this issue or open a new one. We'll gladly take a look again! You can read more here: https://blog.travis-ci.com/2018-03-09-closing-old-issues

@stale stale bot added the stale label Apr 12, 2018
@stale stale bot closed this as completed Apr 13, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant