Audit GitHub access after doc deletion
Archive a confidential spec or contract in Google Drive, and Notis automatically audits the GitHub repo to confirm only the right people have access. Security checks happen in the background.
Trigger
File Deleted or Trashed
Triggers when a file is moved to trash or permanently deleted in Drive.
Action
Check if a user is a repository collaborator
Checks if a user is a collaborator on a specified github repository, returning a 204 status if they are, or a 404 status if they are not or if the repository/user does not exist.
Why this helps
You delete a sensitive doc from Drive, but never check if the related GitHub repo access is still correct. Unauthorized people might still have access, creating a security blind spot.
- Security checks trigger automatically when sensitive docs are removed
- Reduces manual access audits
- Catches accidental over-sharing early
- Keeps repository access aligned with document lifecycle
Setup
Build it in a few focused steps.
- 1Connect Google Drive and GitHub to Notis.
- 2Tell Notis: "When a sensitive doc is deleted, check who has access to the GitHub repo and alert me if anyone unexpected is listed."
- 3Mark which Drive folders contain sensitive content.
- 4Delete a test doc and review Notis's access report.
Questions about this workflow
What counts as 'sensitive'?
You define it—contracts, private specs, security docs, whatever matters to your team.
Does Notis remove people from GitHub?
No, it only audits and reports. You decide whether to revoke access based on Notis's findings.
How often does it check?
Immediately when a doc is deleted, and optionally on a schedule (weekly, monthly) for ongoing compliance.
When this happens · Trigger
Do this · Action
Supported Triggers and Actions
Notis builds workflows that link Google Drive to GitHub. A trigger fires from one place; an action lands in another.
Google Drive triggers
GitHub actions
Comment Added (Docs/Sheets/Slides)
Triggers when a new comment is added to Google Docs, Sheets, or Slides.
Accept a repository invitation
Accepts a pending repository invitation that has been issued to the authenticated user.
File Created
Triggers when a new file is created in Google Drive.
List repositories starred by the authenticated user
Deprecated: lists repositories starred by the authenticated user, including star creation timestamps; use 'list repositories starred by the authenticated user' instead.
File Deleted or Trashed
Triggers when a file is moved to trash or permanently deleted in Drive.
List stargazers
Deprecated: lists users who have starred a repository; use `list stargazers` instead.
File Shared (Permissions Added)
Triggers when new sharing permissions are granted to a file or folder. Uses Drive's `changes.list` endpoint with inline `permissions` in the `fields` mask so each change carries the file's current permission set provider-atomically. We diff that against `seen_permission_keys` to identify newly added grants. Drive page tokens are the primary cursor; if Drive rejects a stored token, the trigger raises `PollingTriggerError` without clearing state rather than silently re-baselining and dropping events. Limitation: truly ephemeral permissions (added and revoked between two polls without any other file modification in between) are not detected. Drive Activity API would catch those but requires an additional OAuth scope and a different payload contract.
Star a repository for the authenticated user
Deprecated: stars a repository for the authenticated user; use `star a repository for the authenticated user` instead.
File Updated
Triggers when a file's metadata or content changes in Google Drive.
Add email for auth user
Adds one or more email addresses (which will be initially unverified) to the authenticated user's github account; use this to associate new emails, noting an email verified for another account will error, while an existing email for the current user is accepted.
Google Drive Changes
Triggers when changes are detected in a Google Drive.
Add app access restrictions
Replaces github app access restrictions for an existing protected branch; requires a json array of app slugs in the request body, where apps must be installed and have 'contents' write permissions.
New File Matching Query
Triggers when a new Google Drive file matches a provided query. This is the legacy query-centric trigger: it preserves Drive API query config such as ``corpora`` / ``driveId`` aliases and emits the historical ``file_matching_query`` event type. ``FileCreatedTrigger`` covers the broader "new file" case and emits ``file_created``.
Add a repository collaborator
Adds a github user as a repository collaborator, or updates their permission if already a collaborator; `permission` applies to organization-owned repositories (personal ones default to 'push' and ignore this field), and an invitation may be created or permissions updated directly.
Add a repository to an app installation
Adds a repository to a github app installation, granting the app access; requires authenticated user to have admin rights for the repository and access to the installation.
Connect any two apps with Notis in the middle.
Not just Google Drive and GitHub. Any combination from 985+ integrations.
When this happens · Trigger
Do this · Action
Save your first hour today.
7 days free trial with 20$ free usage included.
No card. Works with personal or business GitHub.
