Being repeatedly removed and re-invited as a collaborator #106
Comments
ibrechin
changed the title
|
Hi @ibrechin. This would be due to - https://github.com/ministryofjustice/github-collaborators#github-external-collaborators We need you captured in TF to stop this happening. You can either raise the change and a PR, or if you don't have access to create a branch then provide me with the following info:
Any problems let me know. |
|
I am captured in TF: https://github.com/ministryofjustice/github-collaborators/blob/953b9144368b5c0097fdef5b7b653b53c1e0b4b1/terraform/bai2.tf I am assuming that the fact that I am captured in TF is why some automated process keeps on removing me and then re-inviting me. |
|
Will investigate. |
|
@ibrechin @AntonyBishop is this still happening? I'm not sure what's going on here. There are 2 ways this repo removes collaborators. Collaborators who are defined in terraform, and then get removed (by deleting the terraform code from this repository) are removed by the Terraform apply github action. If that happens, we see a line like this in the workflow log: The other way is the Post collaborators JSON github action, which runs a script that removes all collaborators who aren't defined in terraform code. When that happens every collaborator removed is logged like this: (There's also a "Remove a collaborator" github action, but that is only ever run manually, supplying the collaborator and repo name when the action is invoked, so it's definitely not involved here) I've looked through all the workflow logs going back for the last 10 days, and the only relevant mention of That's from this run 8 days ago, and it implies that, at that point in time, Whenever the script removes a collaborator, it creates an issue in the relevant repository, like this one. I can only see that one issue, in the bai2 repository. Because I can't see any mention of removing ibrechin in either set of logs, and because there's only one auto-generated issue on that repo, I don't think it's this project which is repeatedly removing access to that repository. I can see a pending invite for ibrechin in that repo: Pending invites are invisible to the terrafrom code that manages our collaborators, because they don't show up in the Github API, and until you accept the invite, you won't have access. Please try accepting that invite, and let's see if this happens again. If it does, we can try to work through it in realtime when we can run the action and see the results immediately (@AntonyBishop I might have to leave that part to you - all of the relevant actions can be triggered via the Github UI "Run workflow" button, e.g. here, and then just keep an eye on the log output in the github UI. |
|
I stopped accepting the invites because I was getting removed again every time, and unfortunately the last invite I received was on 21st January and when I tried to accept it just now Github said it had expired. I can give the timestamps for when the invites were sent out (I don't know if this would be the same time that I was removed): |
|
I have received new invites which I have now accepted. Let's see if it takes. |
|
As of 10:28 today I appear to have been removed and sent new invites again. |
|
Hi @ibrechin thanks for letting us know. @digitalronin anything that would suggest why this happened? |
For some reason, these collaborations are being repeatedly destroyed and recreated, as per #106 This change removes the terraform source, which should completely remove the collaborations from the terraform state. After this, a later PR will reinstate them in the hopes that they "stick" this time. > I have a theory that this can happen if collaboration invitations are "pending" throughout multiple terraform apply steps. If this works, I might try to recreate this problem in a different repo, to confirm.
jriga is experiencing the same issue as ibrechin (#106) This PR removes their collaboration on 3 repositories. After manually removing their pending invites, and running terraform apply, a subsequent PR will replace the deleted terraform source. My hope is that this will "reset" the terraform state wrt. these collaborations. I think this might be contingent on the collaboration invitations being accepted promptly, although I haven't tried to confirm that yet.
|
@AntonyBishop You were absolutely right - the problem is the "maintain" permission. "maintain" and "triage" won't work, because the github API only (and incorrectly) returns "pull", "push" or "admin" once you create the collaboration (see this issue comment). So, terraform always things the permission is incorrect, and recreates the collaboration on every I can reproduce this problem if I set permission to "maintain" or "triage" - as soon as I accept the invitation, terraform recreates the collaboration on the next run. The two people affected by this issue are the only collaborators who were given "maintain" permissions on the relevant repositories. Changing to "push" makes everything work fine, and it doesn't make any difference when you accept the invitation. I've changed the affected collaborations to "push" via #117 so as soon as the users accept the latest invitations, everything should be fine. |
I was added as a collaborator on https://github.com/ministryofjustice/bai2, but after accepting the invite, within 24 hours I was removed as a collaborator and a new invite was sent out. After accepting the invite again, the same thing happened.
The text was updated successfully, but these errors were encountered: