[almighty] Almighty Build Service and Private repositories
Tomas Nozicka
tnozicka at redhat.com
Fri Oct 28 08:32:01 UTC 2016
> Does upload of key not imply you have granted Almighty system account
> 100% access to
> your GitHub settings ?
I would assume Almighty have privileges to do so, through scoped OAuth
probably (so not the whole account), or we can instruct user that this
is the public key, please set it as a deploy key for repository and
here is a doc about how you do it.
Point was that this is done by Almighty Build Service and the
(possibly) 3rd party provider gets only the private key with read-only
permissions for specific repository, not an access to whole github.
>
> That might be a permission we only want to ask for temporarily if GitHub
> even
> allow such access.
Sure, if possible.
There is probably a scope for this (bellow) call, hopefully under
repository management.
https://developer.github.com/v3/repos/keys/#add-a-new-deploy-key
>
> /max
> http://about.me/maxandersen
More information about the almighty-public
mailing list