Monthly permission audit and sync to GitHub
Once a month, Notis audits who has access in Google Drive and automatically updates GitHub branch permissions to match. Access stays secure without manual compliance work.
Trigger
Recurring schedule
Notis starts this workflow on a schedule, such as daily, weekly, or during business hours.
Action
Add user access restrictions
Sets/replaces list of users allowed to push to a protected branch; usernames (e.g., `["user1"]`) must be a json array in request body (not schema parameters), an empty array `[]` removes all restrictions.
Why this helps
You forget to audit who can push to main. Months pass, old contractors still have access, new team members are blocked. Compliance nightmares and security risks pile up.
- Monthly audits run automatically without manual work
- GitHub branch access stays aligned with actual team
- Catches stale access before it becomes a risk
- Reduces compliance workload and security gaps
Setup
Build it in a few focused steps.
- 1Connect Google Drive and GitHub to Notis.
- 2Tell Notis: "On the first of each month, review who has access in Drive and update branch permissions in GitHub."
- 3Point Notis to your team roster in Drive.
- 4Wait for the first run, then review Notis's access report and GitHub changes.
Questions about this workflow
What if access is identical to last month?
Notis reports no changes and makes no modifications—efficiency is built in.
Can I audit more frequently?
Yes. Run weekly, bi-weekly, or any interval that matches your security needs.
Does Notis send a compliance report?
Yes. Notis can email you a summary of who has access and any changes made.
When this happens · Trigger
Do this · Action
Supported Triggers and Actions
Notis builds workflows that link Google Drive to GitHub. A trigger fires from one place; an action lands in another.
Google Drive triggers
GitHub actions
Comment Added (Docs/Sheets/Slides)
Triggers when a new comment is added to Google Docs, Sheets, or Slides.
Accept a repository invitation
Accepts a pending repository invitation that has been issued to the authenticated user.
File Created
Triggers when a new file is created in Google Drive.
List repositories starred by the authenticated user
Deprecated: lists repositories starred by the authenticated user, including star creation timestamps; use 'list repositories starred by the authenticated user' instead.
File Deleted or Trashed
Triggers when a file is moved to trash or permanently deleted in Drive.
List stargazers
Deprecated: lists users who have starred a repository; use `list stargazers` instead.
File Shared (Permissions Added)
Triggers when new sharing permissions are granted to a file or folder. Uses Drive's `changes.list` endpoint with inline `permissions` in the `fields` mask so each change carries the file's current permission set provider-atomically. We diff that against `seen_permission_keys` to identify newly added grants. Drive page tokens are the primary cursor; if Drive rejects a stored token, the trigger raises `PollingTriggerError` without clearing state rather than silently re-baselining and dropping events. Limitation: truly ephemeral permissions (added and revoked between two polls without any other file modification in between) are not detected. Drive Activity API would catch those but requires an additional OAuth scope and a different payload contract.
Star a repository for the authenticated user
Deprecated: stars a repository for the authenticated user; use `star a repository for the authenticated user` instead.
File Updated
Triggers when a file's metadata or content changes in Google Drive.
Add email for auth user
Adds one or more email addresses (which will be initially unverified) to the authenticated user's github account; use this to associate new emails, noting an email verified for another account will error, while an existing email for the current user is accepted.
Google Drive Changes
Triggers when changes are detected in a Google Drive.
Add app access restrictions
Replaces github app access restrictions for an existing protected branch; requires a json array of app slugs in the request body, where apps must be installed and have 'contents' write permissions.
New File Matching Query
Triggers when a new Google Drive file matches a provided query. This is the legacy query-centric trigger: it preserves Drive API query config such as ``corpora`` / ``driveId`` aliases and emits the historical ``file_matching_query`` event type. ``FileCreatedTrigger`` covers the broader "new file" case and emits ``file_created``.
Add a repository collaborator
Adds a github user as a repository collaborator, or updates their permission if already a collaborator; `permission` applies to organization-owned repositories (personal ones default to 'push' and ignore this field), and an invitation may be created or permissions updated directly.
Add a repository to an app installation
Adds a repository to a github app installation, granting the app access; requires authenticated user to have admin rights for the repository and access to the installation.
Connect any two apps with Notis in the middle.
Not just Google Drive and GitHub. Any combination from 985+ integrations.
When this happens · Trigger
Do this · Action
Save your first hour today.
7 days free trial with 20$ free usage included.
No card. Works with personal or business GitHub.
