github-starred/gitea-mirror
2
0
Fork 0
mirror of https://github.com/RayLabsHQ/gitea-mirror.git synced 2026-05-07 21:17:16 -05:00
Code Issues 103 Packages Projects Releases 93 Wiki Activity

[GH-ISSUE #217] First time Import GitHub Data Fails if I belong to Organizations With SAML Security or 2FA #711

New Issue
Closed
opened 2026-04-16 02:42:07 -05:00 by GiteaMirror · 5 comments
GiteaMirror commented 2026-04-16 02:42:07 -05:00
Owner
Copy Link

Originally created by @RobertGonzales1 on GitHub (Mar 6, 2026).
Original GitHub issue: https://github.com/RayLabsHQ/gitea-mirror/issues/217

Originally assigned to: @arunavo4 on GitHub.

Just setup GiteaMirror and I noticed after setting up the Tokens The Import Initial GitHub Data Fails if I belong to an Organization With SAML Security or 2FA enabled. I belong to 2 of them for work and don't want them synced but I don't see any option to exclude them before the initial github import after setup. Is there an option I'm not seeing?

Error in GitHub data sync: 285 | };
286 | })

287 | );
288 | return organizations;
289 | } catch (error) {
290 | throw new Error(
^
error: Error fetching organizations: Resource protected by organization SAML enforcement. You must grant your Personal Access token access to this organization. - https://docs.github.com/articles/authenticating-to-a-github-organization-with-saml-single-sign-on/
at getGithubOrganizations (/app/dist/server/chunks/github_CeQfTNgm.mjs:290:15)
Error name: Error
Error message: Error fetching organizations: Resource protected by organization SAML enforcement. You must grant your Personal Access token access to this organization. - https://docs.github.com/articles/authenticating-to-a-github-organization-with-saml-single-sign-on/
Error stack: Error: Error fetching organizations: Resource protected by organization SAML enforcement. You must grant your Personal Access token access to this organization. - https://docs.github.com/articles/authenticating-to-a-github-organization-with-saml-single-sign-on/
at getGithubOrganizations (/app/dist/server/chunks/github_CeQfTNgm.mjs:290:15)
at processTicksAndRejections (native:7:39)
GET /user/memberships/orgs/GMR-TMP - 403 with id 9A1A:134614:E775F:E99CA:69AA7152 in 197ms
GET /orgs/GMR-FirstCall - 403 with id 9A1E:134614:E77A5:E9A09:69AA7152 in 230ms
GET /user/memberships/orgs/GMR-FirstCall - 403 with id 9A2C:134614:E77CC:E9A33:69AA7152 in 255ms
GET /user/starred?per_page=100 - 200 with id 9A0E:4D268:E037B:E2495:69AA7152 in 2200ms

Originally created by @RobertGonzales1 on GitHub (Mar 6, 2026). Original GitHub issue: https://github.com/RayLabsHQ/gitea-mirror/issues/217 Originally assigned to: @arunavo4 on GitHub. Just setup GiteaMirror and I noticed after setting up the Tokens The Import Initial GitHub Data Fails if I belong to an Organization With SAML Security or 2FA enabled. I belong to 2 of them for work and don't want them synced but I don't see any option to exclude them before the initial github import after setup. Is there an option I'm not seeing? Error in GitHub data sync: 285 | }; 286 | })  287 | ); 288 | return organizations; 289 | } catch (error) { 290 | throw new Error( ^ error: Error fetching organizations: Resource protected by organization SAML enforcement. You must grant your Personal Access token access to this organization. - https://docs.github.com/articles/authenticating-to-a-github-organization-with-saml-single-sign-on/ at getGithubOrganizations (/app/dist/server/chunks/github_CeQfTNgm.mjs:290:15) Error name: Error Error message: Error fetching organizations: Resource protected by organization SAML enforcement. You must grant your Personal Access token access to this organization. - https://docs.github.com/articles/authenticating-to-a-github-organization-with-saml-single-sign-on/ Error stack: Error: Error fetching organizations: Resource protected by organization SAML enforcement. You must grant your Personal Access token access to this organization. - https://docs.github.com/articles/authenticating-to-a-github-organization-with-saml-single-sign-on/ at getGithubOrganizations (/app/dist/server/chunks/github_CeQfTNgm.mjs:290:15) at processTicksAndRejections (native:7:39) GET /user/memberships/orgs/GMR-TMP - 403 with id 9A1A:134614:E775F:E99CA:69AA7152 in 197ms GET /orgs/GMR-FirstCall - 403 with id 9A1E:134614:E77A5:E9A09:69AA7152 in 230ms GET /user/memberships/orgs/GMR-FirstCall - 403 with id 9A2C:134614:E77CC:E9A33:69AA7152 in 255ms GET /user/starred?per_page=100 - 200 with id 9A0E:4D268:E037B:E2495:69AA7152 in 2200ms
GiteaMirror commented 2026-04-16 02:42:09 -05:00
Author
Owner
Copy Link

@arunavo4 commented on GitHub (Mar 6, 2026):

@RobertGonzales1 One idea is to skip these and show some toast rather than failing them. Trying to think about what else can we do in terms of UI?

<!-- gh-comment-id:4009999994 --> @arunavo4 commented on GitHub (Mar 6, 2026): @RobertGonzales1 One idea is to skip these and show some toast rather than failing them. Trying to think about what else can we do in terms of UI?
GiteaMirror commented 2026-04-16 02:42:09 -05:00
Author
Owner
Copy Link

@arunavo4 commented on GitHub (Mar 6, 2026):

Hey! This should be fixed in #218.

The problem was that when we fetched org details during import, a single 403 from a SAML-protected org would blow up the entire import — no repos, no orgs, nothing got through.

Now we catch those 403s per-org and save them with a "failed" status + the actual error message from GitHub. The rest of your import goes through normally. You'll see a toast telling you which orgs failed, and they'll show up in the Organizations tab with the error so you know exactly what happened.

From there you can either delete/ignore them if you don't need them, or grant your PAT access to those orgs on GitHub and re-import — they'll recover automatically.

<!-- gh-comment-id:4010046890 --> @arunavo4 commented on GitHub (Mar 6, 2026): Hey! This should be fixed in #218. The problem was that when we fetched org details during import, a single 403 from a SAML-protected org would blow up the entire import — no repos, no orgs, nothing got through. Now we catch those 403s per-org and save them with a "failed" status + the actual error message from GitHub. The rest of your import goes through normally. You'll see a toast telling you which orgs failed, and they'll show up in the Organizations tab with the error so you know exactly what happened. From there you can either delete/ignore them if you don't need them, or grant your PAT access to those orgs on GitHub and re-import — they'll recover automatically.
GiteaMirror commented 2026-04-16 02:42:10 -05:00
Author
Owner
Copy Link

@arunavo4 commented on GitHub (Mar 6, 2026):

@RobertGonzales1 If you can help test it that will be great docker pull ghcr.io/raylabshq/gitea-mirror:pr-218

<!-- gh-comment-id:4010059564 --> @arunavo4 commented on GitHub (Mar 6, 2026): @RobertGonzales1 If you can help test it that will be great `docker pull ghcr.io/raylabshq/gitea-mirror:pr-218`
GiteaMirror commented 2026-04-16 02:42:10 -05:00
Author
Owner
Copy Link

@RobertGonzales1 commented on GitHub (Mar 6, 2026):

IT WORKED! Got the error message about Org not importing but it grabbed all my repos!!! Push that PR to PROD!!!

NODE_EXTRA_CA_CERTS set to: /etc/ssl/certs/ca-certificates.crt

Using previously generated ENCRYPTION_SECRET

ENCRYPTION_SECRET has been set to a secure random value

Database already exists, Drizzle will check for pending migrations on startup...

Setting application version: 3.12.4

Checking for environment configuration...

No GitHub/Gitea environment variables found, skipping env config initialization.

Environment configuration loaded successfully

Running startup recovery...

Running startup recovery using compiled script...

Successfully connected to SQLite database using Bun's native driver

🔄 Checking for pending migrations...

Database migrations completed successfully

=== Gitea Mirror Startup Recovery ===

Timeout: 30000ms

Force recovery: false

Checking if recovery is needed...

No jobs need recovery. Startup can proceed.

Startup recovery completed successfully

Running repository status repair...

Running repository repair using compiled script...

Successfully connected to SQLite database using Bun's native driver

🔄 Checking for pending migrations...

Database migrations completed successfully

Repair process complete.

Repository status repair completed successfully

Starting Gitea Mirror...

12:13:51 [@astrojs/node] Server listening on

local: https://localhost:4321

network: https://172.17.0.5:4321

Successfully connected to SQLite database using Bun's native driver

🔄 Checking for pending migrations...

Database migrations completed successfully

Using BETTER_AUTH_URL: http://localhost:4321

Trusted origins: [ "http://localhost:4321", "http://localhost:8080", "http://10.30.1.110:4321" ]

🔧 Initializing shutdown manager and signal handlers...

🔧 Initializing shutdown manager...

Shutdown manager initialized

🔧 Setting up signal handlers for graceful shutdown...

Signal handlers registered successfully

Shutdown manager and signal handlers initialized

[ENV Config Loader] No environment configuration found, skipping initialization

Environment configuration loaded after user creation

No recovery needed (startup script likely handled it)

Starting automatic database cleanup service...

Starting background cleanup service...

Cleanup service started. Will run every 60 minutes.

Starting automatic mirror scheduler service...

[Scheduler] Starting scheduler service

Starting repository cleanup service...

[Repository Cleanup] Starting repository cleanup service

[Repository Cleanup] Service started, checking every 6 hours

[Scheduler] Auto-start conditions met for user nNNK3theCHHj1ATbhFcJZCsE0TAcBcoj (scheduleEnabled=true, hasMirrorInterval=true)

[Repository Cleanup] Processing 1 configurations

[Repository Cleanup] Starting repository cleanup for user nNNK3theCHHj1ATbhFcJZCsE0TAcBcoj

[Repository Cleanup] Warning: CLEANUP_DELETE_FROM_GITEA is false but CLEANUP_DELETE_IF_NOT_IN_GITHUB is true. Proceeding with cleanup.

[Scheduler] Auto-start detected from environment variables, triggering initial import and mirror...

[Scheduler] Performing initial auto-start...

[Scheduler] Auto-starting for user nNNK3theCHHj1ATbhFcJZCsE0TAcBcoj...

[Scheduler] Step 1: Importing repositories from GitHub for user nNNK3theCHHj1ATbhFcJZCsE0TAcBcoj...

GET /user/repos?per_page=100 - 200 with id EC44:4F6B5:19564BA:19C6DE6:69AAC504 in 450ms

[Scheduler] Importing 77 repositories for user nNNK3theCHHj1ATbhFcJZCsE0TAcBcoj...

[Scheduler] Successfully imported 77 repositories

[Scheduler] Step 2: Skipping initial mirror - autoMirror is disabled for user nNNK3theCHHj1ATbhFcJZCsE0TAcBcoj

[Scheduler] Parsed interval "86400" as 1d

[Scheduler] Scheduling enabled for user nNNK3theCHHj1ATbhFcJZCsE0TAcBcoj, next sync at 2026-03-07T12:13:59.696Z

[Scheduler] Initial auto-start completed

[Scheduler] Scheduler service started, checking every 1m for scheduled tasks

[Scheduler] To trigger manual sync, check your configuration intervals and ensure SCHEDULE_ENABLED=true or use GITEA_MIRROR_INTERVAL

[Scheduler] Processing 1 valid configurations (out of 1 with scheduling enabled)

[Scheduler] Skipping user nNNK3theCHHj1ATbhFcJZCsE0TAcBcoj - next run at 2026-03-07T12:13:59.696Z

GET /user/starred?per_page=100 - 200 with id EC4A:23DAF:1ACCAF1:1B3D3E1:69AAC504 in 2866ms

[Repository Cleanup] Skipping ConfusedPolarBear/intro-skipper - already archived

[Repository Cleanup] Skipping containrrr/watchtower - already archived

[Repository Cleanup] Skipping oznu/docker-cloudflare-ddns - already archived

[Repository Cleanup] Skipping tteck/Proxmox - already archived

[Repository Cleanup] No orphaned repositories found for user nNNK3theCHHj1ATbhFcJZCsE0TAcBcoj

GET /user/orgs?per_page=100 - 200 with id EC44:4F6B5:195AF55:19CB9FF:69AAC505 in 185ms

GET /user/memberships/orgs/GMR-TMP - 403 with id EC42:3EC695:1A97BF5:1B08689:69AAC506 in 185ms

GET /orgs/GMR-FirstCall - 403 with id EC4A:23DAF:1AD18F4:1B42392:69AAC506 in 183ms

Failed to import organization GMR-TMP - Resource protected by organization SAML enforcement. You must grant your Personal Access token access to this organization. - https://docs.github.com/articles/authenticating-to-a-github-organization-with-saml-single-sign-on/

Failed to import organization GMR-FirstCall - Resource protected by organization SAML enforcement. You must grant your Personal Access token access to this organization. - https://docs.github.com/articles/authenticating-to-a-github-organization-with-saml-single-sign-on/

GET /orgs/GMR-TMP - 403 with id EC44:4F6B5:195B05F:19CBB19:69AAC514 in 205ms

GET /user/memberships/orgs/GMR-FirstCall - 403 with id E8CA:4F6B5:195B0C3:19CBB74:69AAC514 in 254ms

GET /user/repos?per_page=100 - 200 with id EC32:F238C:1A7ACED:1AEB4B1:69AAC512 in 520ms

GET /user/starred?per_page=100 - 200 with id EC3C:106A9E:19F0276:1A61461:69AAC505 in 2236ms

Job 7b8bf9bf-3f2a-488a-a91e-63d45efa3e9d has no log data

Job 20493457-38d3-4c4a-b545-5937c58293e3 has no log data

Job 3f5ee399-8dd1-42c5-88bc-f773c5de5b4f has no log data

Job 1856eff1-5a54-4e14-8e6d-34a33a5da03b has no log data

Job 4594d33e-dedd-4e05-b5d2-a651526db5f9 has no log data

Job d296cd10-272e-4d0b-b530-286272fbd132 has no log data

Job b82a3455-88c2-4eb8-8a36-af1f1bcc6cc0 has no log data

Job 31179370-b19d-4889-9529-35627100674c has no log data

Job 275a7d5e-b34c-4975-aa99-1526eb3334c5 has no log data

Job 267b56bf-4dcd-43f7-a298-5b2d4804f699 has no log data

[Scheduler] Processing 1 valid configurations (out of 1 with scheduling enabled)

[Scheduler] Skipping user nNNK3theCHHj1ATbhFcJZCsE0TAcBcoj - next run at 2026-03-07T12:13:59.696Z

<!-- gh-comment-id:4011409262 --> @RobertGonzales1 commented on GitHub (Mar 6, 2026): IT WORKED! Got the error message about Org not importing but it grabbed all my repos!!! Push that PR to PROD!!! NODE_EXTRA_CA_CERTS set to: /etc/ssl/certs/ca-certificates.crt Using previously generated ENCRYPTION_SECRET ENCRYPTION_SECRET has been set to a secure random value Database already exists, Drizzle will check for pending migrations on startup... Setting application version: 3.12.4 Checking for environment configuration... No GitHub/Gitea environment variables found, skipping env config initialization. ✅ Environment configuration loaded successfully Running startup recovery... Running startup recovery using compiled script... Successfully connected to SQLite database using Bun's native driver 🔄 Checking for pending migrations... ✅ Database migrations completed successfully === Gitea Mirror Startup Recovery === Timeout: 30000ms Force recovery: false Checking if recovery is needed... ✅ No jobs need recovery. Startup can proceed. ✅ Startup recovery completed successfully Running repository status repair... Running repository repair using compiled script... Successfully connected to SQLite database using Bun's native driver 🔄 Checking for pending migrations... ✅ Database migrations completed successfully Repair process complete. ✅ Repository status repair completed successfully Starting Gitea Mirror... 12:13:51 [@astrojs/node] Server listening on local: https://localhost:4321 network: https://172.17.0.5:4321 Successfully connected to SQLite database using Bun's native driver 🔄 Checking for pending migrations... ✅ Database migrations completed successfully Using BETTER_AUTH_URL: http://localhost:4321 Trusted origins: [ "http://localhost:4321", "http://localhost:8080", "http://10.30.1.110:4321" ] 🔧 Initializing shutdown manager and signal handlers... 🔧 Initializing shutdown manager... ✅ Shutdown manager initialized 🔧 Setting up signal handlers for graceful shutdown... ✅ Signal handlers registered successfully ✅ Shutdown manager and signal handlers initialized [ENV Config Loader] No environment configuration found, skipping initialization ✅ Environment configuration loaded after user creation ✅ No recovery needed (startup script likely handled it) Starting automatic database cleanup service... Starting background cleanup service... ✅ Cleanup service started. Will run every 60 minutes. Starting automatic mirror scheduler service... [Scheduler] Starting scheduler service Starting repository cleanup service... [Repository Cleanup] Starting repository cleanup service [Repository Cleanup] Service started, checking every 6 hours [Scheduler] Auto-start conditions met for user nNNK3theCHHj1ATbhFcJZCsE0TAcBcoj (scheduleEnabled=true, hasMirrorInterval=true) [Repository Cleanup] Processing 1 configurations [Repository Cleanup] Starting repository cleanup for user nNNK3theCHHj1ATbhFcJZCsE0TAcBcoj [Repository Cleanup] Warning: CLEANUP_DELETE_FROM_GITEA is false but CLEANUP_DELETE_IF_NOT_IN_GITHUB is true. Proceeding with cleanup. [Scheduler] Auto-start detected from environment variables, triggering initial import and mirror... [Scheduler] Performing initial auto-start... [Scheduler] Auto-starting for user nNNK3theCHHj1ATbhFcJZCsE0TAcBcoj... [Scheduler] Step 1: Importing repositories from GitHub for user nNNK3theCHHj1ATbhFcJZCsE0TAcBcoj... GET /user/repos?per_page=100 - 200 with id EC44:4F6B5:19564BA:19C6DE6:69AAC504 in 450ms [Scheduler] Importing 77 repositories for user nNNK3theCHHj1ATbhFcJZCsE0TAcBcoj... [Scheduler] Successfully imported 77 repositories [Scheduler] Step 2: Skipping initial mirror - autoMirror is disabled for user nNNK3theCHHj1ATbhFcJZCsE0TAcBcoj [Scheduler] Parsed interval "86400" as 1d [Scheduler] Scheduling enabled for user nNNK3theCHHj1ATbhFcJZCsE0TAcBcoj, next sync at 2026-03-07T12:13:59.696Z [Scheduler] Initial auto-start completed [Scheduler] Scheduler service started, checking every 1m for scheduled tasks [Scheduler] To trigger manual sync, check your configuration intervals and ensure SCHEDULE_ENABLED=true or use GITEA_MIRROR_INTERVAL [Scheduler] Processing 1 valid configurations (out of 1 with scheduling enabled) [Scheduler] Skipping user nNNK3theCHHj1ATbhFcJZCsE0TAcBcoj - next run at 2026-03-07T12:13:59.696Z GET /user/starred?per_page=100 - 200 with id EC4A:23DAF:1ACCAF1:1B3D3E1:69AAC504 in 2866ms [Repository Cleanup] Skipping ConfusedPolarBear/intro-skipper - already archived [Repository Cleanup] Skipping containrrr/watchtower - already archived [Repository Cleanup] Skipping oznu/docker-cloudflare-ddns - already archived [Repository Cleanup] Skipping tteck/Proxmox - already archived [Repository Cleanup] No orphaned repositories found for user nNNK3theCHHj1ATbhFcJZCsE0TAcBcoj GET /user/orgs?per_page=100 - 200 with id EC44:4F6B5:195AF55:19CB9FF:69AAC505 in 185ms GET /user/memberships/orgs/GMR-TMP - 403 with id EC42:3EC695:1A97BF5:1B08689:69AAC506 in 185ms GET /orgs/GMR-FirstCall - 403 with id EC4A:23DAF:1AD18F4:1B42392:69AAC506 in 183ms Failed to import organization GMR-TMP - Resource protected by organization SAML enforcement. You must grant your Personal Access token access to this organization. - https://docs.github.com/articles/authenticating-to-a-github-organization-with-saml-single-sign-on/ Failed to import organization GMR-FirstCall - Resource protected by organization SAML enforcement. You must grant your Personal Access token access to this organization. - https://docs.github.com/articles/authenticating-to-a-github-organization-with-saml-single-sign-on/ GET /orgs/GMR-TMP - 403 with id EC44:4F6B5:195B05F:19CBB19:69AAC514 in 205ms GET /user/memberships/orgs/GMR-FirstCall - 403 with id E8CA:4F6B5:195B0C3:19CBB74:69AAC514 in 254ms GET /user/repos?per_page=100 - 200 with id EC32:F238C:1A7ACED:1AEB4B1:69AAC512 in 520ms GET /user/starred?per_page=100 - 200 with id EC3C:106A9E:19F0276:1A61461:69AAC505 in 2236ms Job 7b8bf9bf-3f2a-488a-a91e-63d45efa3e9d has no log data Job 20493457-38d3-4c4a-b545-5937c58293e3 has no log data Job 3f5ee399-8dd1-42c5-88bc-f773c5de5b4f has no log data Job 1856eff1-5a54-4e14-8e6d-34a33a5da03b has no log data Job 4594d33e-dedd-4e05-b5d2-a651526db5f9 has no log data Job d296cd10-272e-4d0b-b530-286272fbd132 has no log data Job b82a3455-88c2-4eb8-8a36-af1f1bcc6cc0 has no log data Job 31179370-b19d-4889-9529-35627100674c has no log data Job 275a7d5e-b34c-4975-aa99-1526eb3334c5 has no log data Job 267b56bf-4dcd-43f7-a298-5b2d4804f699 has no log data [Scheduler] Processing 1 valid configurations (out of 1 with scheduling enabled) [Scheduler] Skipping user nNNK3theCHHj1ATbhFcJZCsE0TAcBcoj - next run at 2026-03-07T12:13:59.696Z
GiteaMirror commented 2026-04-16 02:42:12 -05:00
Author
Owner
Copy Link

@arunavo4 commented on GitHub (Mar 7, 2026):

Done — v3.12.5 is live: https://github.com/RayLabsHQ/gitea-mirror/releases/tag/v3.12.5

<!-- gh-comment-id:4015155721 --> @arunavo4 commented on GitHub (Mar 7, 2026): Done — v3.12.5 is live: https://github.com/RayLabsHQ/gitea-mirror/releases/tag/v3.12.5
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
documentation
enhancement
help wanted
pull-request
Mirrored from GitHub Pull Request
 question
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea-mirror#711
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?