We had a working drone setup with github web hooks and the admin user left and was removed from the org.
I have read the FAQ stating “The second most common root cause for this issue is the user that enabled the repository had their access to the repository revoked. Drone makes the API request to fetch the yaml on the behalf of this user. If the user cannot access the repository, neither can Drone. You can resolve this issue by de-activating and re-activating the repository using an account that has the appropriate access levels.”
I have no clue what does this sentence means “You can resolve this issue by de-activating and re-activating the repository using an account that has the appropriate access levels.”
I have reset the github oauth “Client Secret” and updated the drone, revoked all the client tokens and re-authorized the drone with github - still no luck
In the log I see the following line:
{“commit”:“5526aa073d32b43195db91caaafe3830addc0580”,“error”:“Bad credentials”,“event”:“push”,“level”:“warning”,“msg”:“trigger: cannot find yaml”,…
Drone uses the oauth2 token of the user that activated the repository in Drone to make API requests to GitHub (API requests need to be made on behalf of a user). If the user loses access to the repository then the API calls will fail. You can solve this by making sure the repository is “owned” by an active user with permission to the repository so that their oauth2 token is used. The easiest way to do this is to de-activate and re-activate the repository so you become the owner.
I’m organisation admin and have full access to all the repositories in the organisation.
I have revoked and re-authorised drone with github for the organisation.
There is nothing I know that I can do to get more access to repositories.
I have found out that I need to go over each repository and do enable and disable in drone ui with the button that is located at the repository setting bottom.
This is hardly an enterprise-ready solution
This is a limitation of github oauth2. A repository must be tied to a user account. Many of our enterprise customers activate repositories using a machine account [1] to workaround these GitHub limitations.
You can re-assign ownership in batch with the following commands [2]:
We are also considering a few different ways to make this less painful. One solution we are exploring is the ability to receive webhooks from github when a user is removed from an organization. Upon receiving the webhook from github, Drone could fetch a list of repositories owned by the user and then attempt to re-assign them to someone else in the organization with adequate repository access. We have a few other solutions we are considering as well, each with pros and cons, however, I’m confident we will have something available in Q2.
We added functionality in version 1.7.0 to re-assign repository ownership when a user is de-activated or deleted from drone. So if a user leaves your company or organization, removing them from drone will re-assign all repositories owned by that user.