Documentation

Overview

Reference

GitHub

GitHub Enterprise

Gitea

GitLab

Gogs

Bitbucket Cloud

Bitbucket Server

Certificates

Headers

Logging

Metrics

Database

Encryption

Blobs

Registration

Management

Administrators

Machine

Starlark

GitHub Teams

Overview

About Installation

Install On Linux

Install On Windows

About Configuration

Logging

Dashboard

Reference

Overview

About Installation

About Configuration

Logging

Policies

Dashboard

Reference

Overview

Installation

Install On Linux

Install On MacOS

Install On Windows

About Configuration

Logging

Dashboard

Reference

Overview

Installation

About Configuration

Logging

Dashboard

Reference

Overview

Installation

About Configuration

Logging

Dashboard

Reference

Overview

Installation

About Configuration

Logging

Dashboard

Reference

Overview

Installation

Configuration

Logging

Reference

AWS Secrets

Vault Secrets

Kubernetes Secrets

About Quick Start

Docker Pipelines

Kubernetes Pipelines

Command Line Runner

Overview

Configuration

Overview

About Configure

Triggers

Platform

Workspace

Cloning

Steps

Plugins

Services

Images

Parallelism

Conditions

Routing

Volumes

Host Volumes

Temporary Volumes

Examples

Example C Pipeline

Example C++ Pipeline

Example Clojure Pipeline

Example CouchDB Configuration

Example Crystal Pipeline

Example D Pipeline

Example Dart Pipeline

Example Docker Configuration

Example Docker-in-Docker Configuration

Example Elasicsearch Configuration

Example Elixir Pipeline

Example Erlang Pipeline

Example Go Pipeline (with Gopath)

Example Go Pipeline (with Modules)

Example Gradle Pipeline

Example Groovy Pipeline

Example Haskell Pipeline

Example Haxe Pipeline

Example Java Pipeline

Example MariaDB Configuration

Example Maven Pipeline

Example Memcached Configuration

Example MongoDB Configuration

Example MySQL Configuration

Example Nats Configuration

Node Example

Example Perl Pipeline

Example PHP Pipeline

Example Postgres Configuration

Python

Example R Pipeline

Example Redis Configuration

Example RethinkDB Configuration

Example Ruby Pipeline

Example Rust Pipeline

Example Swift Pipeline

Example Vault Configuration

Overview

About Configure

Metadata

Triggers

Platform

Workspace

Cloning

Steps

Plugins

Services

Images

Parallelism

Conditions

Tolerations

Nodes

Volumes

Host Volumes

Temporary Volumes

Examples

Example C Pipeline

Example C++ Pipeline

Example Clojure Pipeline

Example CouchDB Configuration

Example Crystal Pipeline

Example D Pipeline

Example Dart Pipeline

Example Docker Configuration

Example Docker-in-Docker Configuration

Example Elasicsearch Configuration

Example Elixir Pipeline

Example Erlang Pipeline

Example Go Pipeline

Example Gradle Pipeline

Example Groovy Pipeline

Example Haskell Pipeline

Example Haxe Pipeline

Example Java Pipeline

Example MariaDB Configuration

Example Maven Pipeline

Example Memcached Configuration

Example MongoDB Configuration

Example MySQL Configuration

Example Nats Configuration

Node Example

Example Perl Pipeline

Example PHP Pipeline

Example Postgres Configuration

Python

Example R Pipeline

Example Redis Configuration

Example RethinkDB Configuration

Example Ruby Pipeline

Example Rust Pipeline

Example Swift Pipeline

Example Vault Configuration

Overview

About Configure

Cloning

Platform

Triggers

Workspace

Steps

Parallelism

Conditions

Routing

Overview

About Configure

Server

Triggers

Platform

Workspace

Cloning

Steps

Parallelism

Conditions

Overview

About Configure

Settings

Triggers

Platform

Workspace

Cloning

Steps

Parallelism

Conditions

Overview

About Configure

Triggers

Cloning

Steps

Parallelism

Conditions

About Badges

About Conditions

About Triggers

About Skipping

Syntax

Substitution

Reference

Jsonnet

Starlark

Overview

Per Repository

Per Organization

Encrypted

About External

Vault

Kubernetes

AWS Secrets

About Signatures

About Promotions

About Cron

Overview

Explore

Example Go Plugin

Example Bash Plugin

Docker

Overview

Example Payloads

Starter Project

Overview

Admission Extension

Configuration Extension

Conversion Extension

Environment Extension

Registry Extension

Secret Extension

Validation Extension

Drone Autoscaler

About Installation

Install for Amazon EC2

Install for Azure

Install for Digital Ocean

Install for Google Cloud

Install for Hetzner Cloud

Install for Open Stack

Install for Packet

About Configuration

Configure SSL

Configure SSL with Lets Encrypt

Configure Logging

Configure Prometheus

Configure Slack Alerts

Using a Custom Cloud-Init

Configuration Reference

About CLI Reference

CLI Installation

CLI Configuration

CLI Commands

drone autoscale pause

drone autoscale resume

drone autoscale version

drone server create

drone server destroy

drone server env

drone server info

drone server ls

About API Reference

API Overview

Server Endpoints

System Endpoints

About Troubleshooting

About Support

About FAQ

Installation

Configuration

Licensing

About YAML Specification

Digital Ocean Pipeline

Docker Pipeline

Exec Pipeline

Kubernetes Pipeline

SSH Pipeline

Overview

Build Approve

Build Create

Build Decline

Build Info

Build List

Build Logs

Build Promote

Build Restart

Build Stop

Cron Create

Cron Delete

Cron Info

Cron List

Cron Trigger

Cron Update

Repo Chown

Repo Disable

Repo Enable

Repo Info

Repo List

Repo Repair

Repo Update

Secret Create

Secret Delete

Secret Info

Secret List

Secret Update

Current User Feed

Current User Info

Current User Repos

Current User Sync

User Create

User Delete

User Info

User List

User Update

Installation

Configuration

drone encrypt

drone exec

drone sign

drone jsonnet

drone user add

drone user info

drone user ls

drone user rm

drone repo add

drone repo chown

drone repo info

drone repo ls

drone repo repair

drone repo rm

drone repo update

drone build approve

drone build decline

drone build info

drone build last

drone build ls

drone build promote

drone build restart

drone build stop

drone secret add

drone secret info

drone secret ls

drone secret rm

drone secret update

drone orgsecret add

drone orgsecret info

drone orgsecret ls

drone orgsecret rm

drone orgsecret update

drone cron add

drone cron disable

drone cron enable

drone cron info

drone cron ls

All Categories > Installation > Server > Server Extensions > GitHub Teams

GitHub Teams

Updated 2 years ago by Admin

Configuration
Installation
Verification
Customization

Drone provides an official extension to limit system access based on GitHub organization and team membership. You can use this extension to configure access policies, such as:

If user is organization member, grant access
If user is organization admin, grant admin access
If user is member of designated team, grant admin access (optional)
Else deny access

Configuration

DRONE_GITHUB_ENDPOINT
Github API base URL. This is only required when integrating with GitHub Enterprise. The URL format should be http(s)://[hostname]/api/v3

DRONE_GITHUB_TOKEN
GitHub API personal access token. This token must have adequate permissions to access organization and team endpoints.

DRONE_GITHUB_ORG
Comma-separated lists of organizations. If defined, the user must be a member of at least one organization in the list.

DRONE_GITHUB_TEAM
Comma-separated lists of teams. If defined, users that are members of this team are granted administrative access.

Installation

Create a shared secret.

$ openssl rand -hex 16
bea26a2221fd8090ea38720fc445eca6

Download and run the extension.

$ docker run -d \
--publish=3000:3000 \
--env=DRONE_DEBUG=true \
--env=DRONE_SECRET=bea26a2221fd8090ea38720fc445eca6 \
--env=DRONE_GITHUB_TOKEN=3da541559918a808c2402bba5012f6c6 \
--env=DRONE_GITHUB_ORG=acme \
--env=DRONE_GITHUB_TEAM=admins \
--restart=always \
--name=admitter drone/drone-admit-members

Update your Drone server configuration to include the extension address and the shared secret.

DRONE_ADMISSION_PLUGIN_ENDPOINT=http://1.2.3.4:3000
DRONE_ADMISSION_PLUGIN_SECRET=bea26a2221fd8090ea38720fc445eca6

Verification

You can verify the extension is configured and is processing requests using the command line utility.

Provide the command line utility with the extension endpoint and secret.

export DRONE_ADMISSION_ENDPOINT=http://localhost:3000
export DRONE_ADMISSION_SECRET=bea26a2221fd8090ea38720fc445eca6

Use the command line utility to check if a user is admitted:
```
$ drone plugins admit octocat
```

Customization

This extension is considered a reference implementation of an admission controller, and has limited scope. You are encouraged to fork and customize this extension as needed. You can find the source code at drone/drone-admit-members.

How did we do?

(opens in a new tab)

GitHub Teams

Configuration

Installation

Verification

Customization

How did we do?

Related Articles GitHub GitHub Enterprise Documentation

Contact

Related Articles

GitHub

GitHub Enterprise

Documentation