I wanted to report a painful issue we’re having trying to move to use a GitHub App for common operations. This seems to be an unexpected or invalid set of logic related to the ‘member repository permissions’ set for organizations on GitHub. This is impacting all of our GitHub organizations, including our Enterprise Cloud orgs.
A PATCH to a repository that is private, to change private to false, succeeds when called by a GitHub App that has repository admin permissions in an organization that has selected the privilege “allow members to change repository visibilities for this organization”
The PATCH fails with HTTP 422, stating “Visibility can’t be changed by this user”, and pointing to a documentation page about GitHub pricing (although this is a GitHub Enterprise Cloud organization). The repository remains private.
Confirmed API workaround
Change the ‘repository creation’ member privilege restriction to ‘allow private and public’. This does not work with our organization’s security and compliance policy that repos not be created directly on GitHub.
(have reproduced with many apps and installs beyond this)
Cannot use GitHub Apps to replace older workflow. Documented behavior of member privileges is not accurate and causes pain, blocking scenarios.
Painful mitigation – do not use GitHub Apps:
At this time we are forced to abandon using GitHub Apps for some scenarios and will have to continue using org owner personal access tokens or OAuth tokens for authorized users who are org owners.
Confusion around whether GitHub Apps are people/users or not… this is a server-to-server call, but the error message implies it’s a “user”
Set of independent member privileges set for the Azure-Samples org
Admin repository permissions:
Repository visibility change:
[ x ] Allow members to change repository visibilities for this organization
If enabled, members with admin permissions for the repository will be able
to change repository visibility from public to private. If disabled, only
organization owners can change repository visibilities.
Solved! Solved! Go to Solution.