[almighty] Almighty Build Service and Private repositories

Tomas Nozicka tnozicka at redhat.com
Thu Oct 27 12:34:26 UTC 2016 

Inline.

On Thu, 2016-10-27 at 14:03 +0200, Max Rydahl Andersen wrote:
> > > > 3. Machine users
> > > >    - Regular account, using ssh key
> > > >    - You have to create them manually
> > > 
> > > Which of the three above is what Github call access tokens ?
> > > (https://github.com/blog/1509-personal-api-tokens and 
> > > https://help.github.com/articles/creating-an-access-token-for-com
> > > mand
> > > -line-use/)
> > > 
> > > Is that what you call OAuth tokens ?
> > 
> > Yes.
> > They are actually the same terms as Github uses in their
> > documentation
> > which I have referenced as [3]; your response kind of cut it off so
> > here is the link once more:
> >   https://developer.github.com/guides/managing-deploy-keys/
> > here is another detail:
> >   https://help.github.com/articles/git-automation-with-oauth-tokens
> > /
> > 
> > I hope this helps you.
> 
> it does - they seem to mix oauth tokens wit access tokens rather 
> liberally which
> confused me at first.
> 
> > > And around Deploy keys - I couldn't find a way to limit access
> > > to 
> > > specific repositories.
> > > Got a link/screenshot where that happens ?
> > 
> > The screenshot is in the reference [3] as well.
> >   https://developer.github.com/guides/managing-deploy-keys/
> > You add the public deploy key per repository.
> 
> Got it - I was looking under my own personal ssh keys, and expecting 
> deploy keys to
> be what I would manage - but instead it is per repo thus you'll have
> to
> set the deploy key multiple times if need be.
And I see it as a feature because it gives you granular control and
bigger security if you use different keys for different repositories.

> 
> Makes sense - and now I got it :)
> 
> And now I grok that the interesting part is that the public key on 
> GitHub is not a private thing
> but almighty need to somehow give the build service access to the 
> private key before we can
> even look into the repo.
Yes, Almighty will generate private/public key pair, set up public one
as read-only deploy key on github and gives private key to Build
Provider to clone the repository.

> 
> /max
> http://about.me/maxandersen

More information about the almighty-public mailing list