Github private organisation repositories

I have setup drone to use a private organization github repository.

I have set DRONE_ORGS to be the name of the organization, when I login to drone the organization repositories are listed along with all private repositories of the users who have logged in,

Is there anyway to change this so that only the organization repositories are available in drone ?

I have set DRONE_ORGS to be the name of the organization, when I login to drone the organization repositories are listed along with all private repositories of the users who have logged in,

the DRONE_ORGS parameter only limits who can login to the system. It does not limit which repositories are visible or can be activated in the user interface.

Is there anyway to change this so that only the organization repositories are available in drone ?

Yes we have the setting: http://docs.drone.io/custom-access-policies/

Thanks for that tip as always very helpfull, I tried it but i am still seeing all repository personal and organization ones.

I notice it says something about enterprise support so will this setting work with out that on personal servers ?

I will try a few more things in case i am doing something silly.

I notice it says something about enterprise support so will this setting work with out that on personal servers ?

This feature is only available in the Enterprise version of Drone

Guess there is no other option ?

This actually feels wrong anyway should not be down to drone to restrict whats imported, the very fact that it can implies that the drone whitelist just stops the import and does not actually restrict or implement any restrictions, these would need to be done on github’s side so is oauth the right way or is there a better option ?

You can also restrict which oauth application have access to your data at the organization level in GitHub https://help.github.com/articles/enabling-oauth-app-access-restrictions-for-your-organization/1

There are also GitHub applications, which is a relatively new alternative to oauth applications that provide more find-grained access control. Refactoring Drone as a GitHub application is planned, however, it is non trivial and will require a significant time investment on my end. I do not expect the feature to land for a few months (until maybe June)

How about the opposite? can I restrict repos to just my personal repos? The drone server is just for me, but my employer has several thousand repos, just loading the list kills my browser, and it’s painful when drone refreshes the list.
(basically no org access)

3 Likes

This is a very old topic, but googling brought me here, so I wanted to share my findings.

It would seem that DRONE_REPOSITORY_FILTER would let one do what OP was trying. By setting it, seems like I would be able to limit repo activiation to just a specific org.

the DRONE_REPOSITORY_FILTER variable filters the list of repositories from your source control management system (e.g. github) that are synced with and added to the Drone database. This value needs to be set before your first login. Setting this variable after you have already authenticated and synchronized your account will have no impact of existing repositories (since they would have already beed added to the database), but would prevent future repositories from being added.

Thanks for the clarification Brad!

I forgot to mention that if users have already synced accounts and repositories exist in the Drone database that you want filtered out, you can delete these repositories from the database and set DRONE_REPOSITORY_FILTER to prevent them from being re-added.

DELETE FROM repos WHERE repo_namespace IN ('org1', 'org2')