You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
docs: update README to reflect correct API behavior
Updated documentation to accurately reflect that the GitHub organization
membership API works for both public and private members:
- Removed outdated 'public membership only' limitations
- Updated API behavior section with correct HTTP 204 response
- Removed instructions for making membership public (not needed)
- Updated security considerations to reflect broader member support
The implementation now correctly works for all dotCMS organization
members without requiring any configuration changes.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <[email protected]>
Copy file name to clipboardExpand all lines: .github/actions/security/org-membership-check/README.md
+9-17Lines changed: 9 additions & 17 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,8 +5,8 @@ This composite action checks if a GitHub user is a member of the dotCMS organiza
5
5
## Security Features
6
6
7
7
-**Hardcoded Organization**: The organization name "dotCMS" is hardcoded and cannot be overridden
8
-
-**Public Membership Only**: Only detects public organization members for security
9
-
-**Clear Instructions**: Provides guidance for private members to make membership public
8
+
-**All Organization Members**: Detects both public and private organization members
9
+
-**Simple Token Usage**: Uses default GITHUB_TOKEN without additional secrets
10
10
-**Graceful Error Handling**: Returns clear status without exposing internal API details
11
11
12
12
## Inputs
@@ -40,27 +40,19 @@ This composite action checks if a GitHub user is a member of the dotCMS organiza
40
40
41
41
The action uses the GitHub CLI (`gh`) with the repository's `GITHUB_TOKEN` to check organization membership via the GitHub API endpoint `GET /orgs/dotCMS/members/{username}`.
42
42
43
-
**Important Limitation: Public Membership Only**
43
+
**API Behavior**
44
44
45
-
This approach only detects users with **public** organization membership:
45
+
The GitHub organization membership API works for both public and private members:
46
46
47
-
- **HTTP 200 + user object**: User is a PUBLIC member → **AUTHORIZED**
48
-
- **HTTP 404**: User has private membership OR is not a member → **BLOCKED**
47
+
- **HTTP 204 No Content**: User is a member (public or private) → **AUTHORIZED**
48
+
- **HTTP 404 Not Found**: User is not a member → **BLOCKED**
49
49
50
-
**For dotCMS Team Members with Private Membership:**
51
-
52
-
If you are a dotCMS organization member but have private membership visibility, you must make your membership public to access Claude workflows:
53
-
54
-
1. Visit: https://github.com/orgs/dotCMS/people
55
-
2. Find your username in the list
56
-
3. Click "Make public" next to your name
57
-
58
-
This ensures the security gate can detect your organization membership without requiring additional API tokens.
50
+
This approach successfully detects all dotCMS organization members regardless of their membership visibility setting, using only the default GITHUB_TOKEN without requiring additional secrets or configuration.
59
51
60
52
## Security Considerations
61
53
62
54
- Only checks membership in the dotCMS organization (hardcoded)
63
-
- Only authorizes users with public organization membership
55
+
- Authorizes all organization members (both public and private)
64
56
- Logs authorization results without sensitive details
65
57
- Uses default GITHUB_TOKEN (no additional secrets required)
66
-
- Provides clear instructions for private members to become public
58
+
- No configuration or setup required for team members
0 commit comments