Drone CI 中文文档

GitHub Teams

Drone provides an official extension to limit system access based on GitHub organization and team membership. You can use this extension to configure access policies, such as:

  • If user is organization member, grant access
  • If user is organization admin, grant admin access
  • If user is member of designated team, grant admin access (optional)
  • Else deny access


    Github API base URL. This is only required when integrating with GitHub Enterprise. The URL format should be http(s)://[hostname]/api/v3
    GitHub API personal access token. This token must have adequate permissions to access organization and team endpoints.
    Comma-separated lists of organizations. If defined, the user must be a member of at least one organization in the list.
    Comma-separated lists of teams. If defined, users that are members of this team are granted administrative access.


  1. Create a shared secret.

    $ openssl rand -hex 16
  2. Download and run the extension.

    $ docker run -d \
    --publish=3000:3000 \
    --env=DRONE_DEBUG=true \
    --env=DRONE_SECRET=bea26a2221fd8090ea38720fc445eca6 \
    --env=DRONE_GITHUB_TOKEN=3da541559918a808c2402bba5012f6c6 \
    --env=DRONE_GITHUB_ORG=acme \
    --env=DRONE_GITHUB_TEAM=admins \
    --restart=always \
    --name=admitter drone/drone-admit-members
  3. Update your Drone server configuration to include the extension address and the shared secret.



You can verify the extension is configured and is processing requests using the command line utility.

  1. Provide the command line utility with the extension endpoint and secret.

    export DRONE_ADMISSION_ENDPOINT=http://localhost:3000
    export DRONE_ADMISSION_SECRET=bea26a2221fd8090ea38720fc445eca6
  2. Use the command line utility to check if a user is admitted:

    drone plugins admit octocat


This extension is considered a reference implementation of an admission controller, and has limited scope. You are encouraged to fork and customize this extension as needed. You can find the source code at drone/drone-admit-members.