Document which scopes are needed for owners verification about codeowners-validator HOT 4 OPEN

Hi @ZacSweers

the GitHub token was already described some time ago here: https://github.com/mszostok/codeowners-validator/blob/master/docs/gh-token.md

Regarding the endpoint problem that you mentioned. I'm using the endpoint under the repos URL as I need to know that a given team is assigned to the proper repos. I'm not interested in all teams and using the https://api.github.com/orgs/<org>/teams requires to call another endpoint to check the assigned repos and that increase the number of calls against the GitHub which I want to keep minimal

from codeowners-validator.

Hmm, when I tried this we always get back an empty list. Let me see if I can debug with some manual querying on the API to repro

from codeowners-validator.

From some experimentation, even with the permissions specified in the doc above, it looks like the user with the token either needs to be an organization owner or have admin access to the repo in question.

I'm not sure how to verify the exact scopes required for this operation in the GH docs (eg. can't find this documented).

Does this sound right to you @mszostok ? It doesn't seem like it should require admin access to list the teams for a repo, so I may be missing something.

from codeowners-validator.

I had the same issue. I can't list teams in the repo, and the tests for this seem to be failing with the same 404 error. After consulting the documentation from the API seems like there is no error, but it is not working for public repositories either. After doing this change it is working for the private repo case I am working on: https://github.com/photonbit/codeowners-validator/commit/f145b6563e0e71f503213dbf5fab2318350ec8f9

from codeowners-validator.