Private repo problem

[umaim]

I've read #112 . I have the same problem. But I'm sure my repo was forked from a personal account.

I followed the Advanced Setup (with config) to setup my forked private repo, grand permisstion to my forked private repo.

.github/pull.yml file looks like

version: "1"
rules:
  - base: master
    upstream: stackia:master
    mergeMethod: hardreset
  - base: hzv2
    upstream: stackia:hzv2
    mergeMethod: hardreset

And set this branch as default.

Go to https://pull.now.sh/check/${owner}/${repo}, it said File not found.

Then I found that the commits after forked not updated.

Did I miss something?

Thank you in advance. :)

[wei]

The check url currently only works on public repos at this time. Is it still not creating pull requests for you?

[umaim]

Hey wei:
Thank you for your reply.
There is still no PR for me. 10 commits behind the original repo so far.

And I try to reinstall Pull App, still not work.

[wei]

Thanks for reporting. I will check tonight and report back.

[wei]

I can reproduce! The REST API Endpoint used to compare changes is returning 404 for private forks when using the Installation Token obtained by our Github App. I have opened a bug ticket with Github and will report back as soon as I hear anything.

[umaim]

Thank you for your patience, wei.

I look forward to your reply and wish you and your work can be better and better. ❤️

[wei]

Thanks for reaching out. What you're looking to do is not possible currently. It's not possible to compare two commits for private forks with a GitHub App installation token. The reason why that's not possible is that any installation has access only to public resources and private resources owned by the target of the installation. An installation for target X can't have access to private resources of target Y. The reason why that's not possible is that this is how permissions for GitHub Apps are defined -- an installation of a GitHub App has permissions only for resources owned by the target of the installation.

In most situations, this is not a problem since most functionality is related only to resources owned by a single target. But the compare endpoint is a bit different since it supports comparing across forks, which means that multiple targets are involved.

The team is aware that there are some use-cases where this would be useful, but it would be a fundamental change to how permissions for GitHub Apps work. With that in mind, I don't expect any changes will be made to support this in the near future.

Unfortunately, the installation token does not have access to your fork's parent which is a private repo. The only way around it is a personal token which pull does not currently (or likely to) support. Please let me know If you can think of any other methods.

[b-zurg]

@wei I think there might be a solution - to provide a personal access token that grants this permission.

See tgymnich/fork-sync#8

There could potentially, in the configuration, be a token field that is used in lieu of the GITHUB_TOKEN which would widen the scope of permissions.

This would be a life-saver for those of us with private repos who are working with collaborators.

[wei]

@b-zurg thanks for the suggestion. Please try out GitHub Actions: git-sync or github-sync. They will allow for maximum flexibility in syncing.