cc-ci-orchestrator/memory/recipe-mirrors-public-org-blocker.md
autonomic-bot 542ed0afe3 memory: move agent memory into repo (memory/), note in AGENTS.md
Persistent agent memories now live in memory/ in this repo; the Claude
auto-memory path is symlinked here so future memories land in the repo
and get committed like any other change.
2026-06-09 19:25:20 +00:00

---
name: recipe-mirrors-public-org-blocker
description: "Recipe mirrors are public repos but the recipe-maintainers ORG is private-visibility, so anon reads 404; bot can't flip the org"
metadata:
  node_type: memory
  type: project
  originSessionId: f7960036-d990-4a21-a81e-f7c486d97fea
---

As of 2026-06-09 all 21 recipe mirrors under `recipe-maintainers` were flipped `private=false`
(secret-scanned first), to power the Recipe Report's live PR-STATUS column via the tokenless
same-origin proxy `report.ci.commoninternet.net/pr/<recipe>/<n>` (shipped in cc-ci
`nix/modules/reports.nix`). BUT the **org itself is `visibility: private`**, which makes Gitea 404
all its repos for anonymous users — so the live STATUS column shows a muted "?" instead of open/✓.

**Blocker:** `autonomic-bot` cannot flip the org (PATCH `/orgs/recipe-maintainers` → 403 "Must be an
organization owner"; `is_admin=false`; the basic-auth credential lacks `write:organization` scope,
even though the bot is in the Owners team). Confirmed model: `autonomic-cooperative` is a public org
and its repos ARE anonymously visible; `recipe-maintainers` is private and they are not.

**Why:** the whole live-status feature is dark until this is resolved. Private repos stay hidden even
in a public org, so flipping the org public does NOT expose the four locked-private repos (`cc-ci`,
`cc-ci-secrets`, `cc-ci-orchestrator`, `archived-cc-ci-orchestrator`).

**How to apply:** operator (an org owner) must set `recipe-maintainers` org visibility to **public**
in the Gitea UI (Settings → make org public), OR provision a token with `write:organization` scope.
The instant that happens, the proxy returns 200 PR JSON and the column lights up — no redeploy needed.
Verify: `curl https://report.ci.commoninternet.net/pr/cryptpad/5` should return PR JSON, not a 404.

Related: [[push-commits-to-remote]].
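
A pre-flight check for the visibility rule in the **Why** paragraph, as an added example (not part of the original memory file or of cc-ci): given the org and repo JSON, it reports which repos become anonymously readable once the org is public and fails if any locked-private repo would be exposed or cannot be confirmed. The sample JSON is constructed in the shape of Gitea's `GET /api/v1/orgs/{org}` and `GET /api/v1/orgs/{org}/repos` responses; `anon_visible` and `preflight` are hypothetical names.

```python
import json

# Constructed sample data shaped like Gitea API responses; not real output.
ORG_JSON = '{"username": "recipe-maintainers", "visibility": "private"}'
REPOS_JSON = json.dumps([
    {"name": "cryptpad", "private": False},
    {"name": "cc-ci", "private": True},
    {"name": "cc-ci-secrets", "private": True},
    {"name": "cc-ci-orchestrator", "private": True},
    {"name": "archived-cc-ci-orchestrator", "private": True},
])

# Repos the note says must stay hidden after the org is made public.
MUST_STAY_PRIVATE = {"cc-ci", "cc-ci-secrets", "cc-ci-orchestrator",
                     "archived-cc-ci-orchestrator"}


def anon_visible(org_visibility, repos):
    """Names of repos an anonymous user can read under this org visibility."""
    # Gitea org visibility is public/limited/private; only "public" lets
    # anonymous users see the org's repos at all.
    if org_visibility != "public":
        return set()
    return {r["name"] for r in repos if not r["private"]}


def preflight(org_json, repos_json, must_stay_private):
    """Compare anonymous exposure now against exposure after a flip to public."""
    org = json.loads(org_json)
    repos = json.loads(repos_json)
    now = anon_visible(org["visibility"], repos)
    after = anon_visible("public", repos)
    listed = {r["name"] for r in repos}
    return {
        "visible_now": sorted(now),
        "newly_exposed": sorted(after - now),
        # A locked repo that would become readable is a hard failure.
        "violations": sorted(after & set(must_stay_private)),
        # Fail closed: a locked repo absent from the listing is unverified.
        "missing": sorted(set(must_stay_private) - listed),
    }


if __name__ == "__main__":
    report = preflight(ORG_JSON, REPOS_JSON, MUST_STAY_PRIVATE)
    print(json.dumps(report, indent=2))
    raise SystemExit(1 if report["violations"] or report["missing"] else 0)
```

The repo listing has to come from a credential that can see the private repos; an anonymous listing would put all four in `missing`.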