Audit GitHub access after doc deletion

Archive a confidential spec or contract in Google Drive, and Notis automatically audits the GitHub repo to confirm only the right people have access. Security checks happen in the background.

Trigger

File Deleted or Trashed

Triggers when a file is moved to trash or permanently deleted in Drive.

GitHub logo

Action

Check if a user is a repository collaborator

Checks if a user is a collaborator on a specified github repository, returning a 204 status if they are, or a 404 status if they are not or if the repository/user does not exist.

Why this helps

You delete a sensitive doc from Drive, but never check if the related GitHub repo access is still correct. Unauthorized people might still have access, creating a security blind spot.

  • Security checks trigger automatically when sensitive docs are removed
  • Reduces manual access audits
  • Catches accidental over-sharing early
  • Keeps repository access aligned with document lifecycle

Setup

Build it in a few focused steps.

  • 1Connect Google Drive and GitHub to Notis.
  • 2Tell Notis: "When a sensitive doc is deleted, check who has access to the GitHub repo and alert me if anyone unexpected is listed."
  • 3Mark which Drive folders contain sensitive content.
  • 4Delete a test doc and review Notis's access report.

Questions about this workflow

What counts as 'sensitive'?

You define it—contracts, private specs, security docs, whatever matters to your team.

Does Notis remove people from GitHub?

No, it only audits and reports. You decide whether to revoke access based on Notis's findings.

How often does it check?

Immediately when a doc is deleted, and optionally on a schedule (weekly, monthly) for ongoing compliance.

When this happens · Trigger

Do this · Action

Supported Triggers and Actions

Notis builds workflows that link Google Drive to GitHub. A trigger fires from one place; an action lands in another.

Google Drive logo

Google Drive triggers

GitHub logo

GitHub actions

Comment Added (Docs/Sheets/Slides)

Triggers when a new comment is added to Google Docs, Sheets, or Slides.

TriggerPolling

Accept a repository invitation

Accepts a pending repository invitation that has been issued to the authenticated user.

ActionInstant

File Created

Triggers when a new file is created in Google Drive.

TriggerPolling

List repositories starred by the authenticated user

Deprecated: lists repositories starred by the authenticated user, including star creation timestamps; use 'list repositories starred by the authenticated user' instead.

ActionInstant

File Deleted or Trashed

Triggers when a file is moved to trash or permanently deleted in Drive.

TriggerPolling

List stargazers

Deprecated: lists users who have starred a repository; use `list stargazers` instead.

ActionInstant

File Shared (Permissions Added)

Triggers when new sharing permissions are granted to a file or folder. Uses Drive's `changes.list` endpoint with inline `permissions` in the `fields` mask so each change carries the file's current permission set provider-atomically. We diff that against `seen_permission_keys` to identify newly added grants. Drive page tokens are the primary cursor; if Drive rejects a stored token, the trigger raises `PollingTriggerError` without clearing state rather than silently re-baselining and dropping events. Limitation: truly ephemeral permissions (added and revoked between two polls without any other file modification in between) are not detected. Drive Activity API would catch those but requires an additional OAuth scope and a different payload contract.

TriggerPolling

Star a repository for the authenticated user

Deprecated: stars a repository for the authenticated user; use `star a repository for the authenticated user` instead.

ActionInstant

File Updated

Triggers when a file's metadata or content changes in Google Drive.

TriggerPolling

Add email for auth user

Adds one or more email addresses (which will be initially unverified) to the authenticated user's github account; use this to associate new emails, noting an email verified for another account will error, while an existing email for the current user is accepted.

ActionInstant

Google Drive Changes

Triggers when changes are detected in a Google Drive.

TriggerPolling

Add app access restrictions

Replaces github app access restrictions for an existing protected branch; requires a json array of app slugs in the request body, where apps must be installed and have 'contents' write permissions.

ActionInstant

New File Matching Query

Triggers when a new Google Drive file matches a provided query. This is the legacy query-centric trigger: it preserves Drive API query config such as ``corpora`` / ``driveId`` aliases and emits the historical ``file_matching_query`` event type. ``FileCreatedTrigger`` covers the broader "new file" case and emits ``file_created``.

TriggerPolling

Add a repository collaborator

Adds a github user as a repository collaborator, or updates their permission if already a collaborator; `permission` applies to organization-owned repositories (personal ones default to 'push' and ignore this field), and an invitation may be created or permissions updated directly.

ActionInstant

Add a repository to an app installation

Adds a repository to a github app installation, granting the app access; requires authenticated user to have admin rights for the repository and access to the installation.

ActionInstant

Connect any two apps with Notis in the middle.

Not just Google Drive and GitHub. Any combination from 985+ integrations.

When this happens · Trigger

Do this · Action

Save your first hour today.

7 days free trial with 20$ free usage included.
No card. Works with personal or business GitHub.