
Comments (8)

calavera avatar calavera commented on July 19, 2024

You still can use http to clone repos when GH:E is in private mode. It would only require an oauth token with the right privileges. Using oauth tokens is easier to manage, since you don't have to add the deploy key to every repo, and probably more secure, since revoking access only requires you to remove the grant for the token in your organization.


bradrydzewski avatar bradrydzewski commented on July 19, 2024

Yes, we can definitely alter our approach to use the GitHub OAuth token. In this case I think we'll want to generate a .netrc file to store the credentials in the container. This would allow an individual to clone multiple private repositories as part of their build script without embedding credentials in the .drone.yml file.

We need to rework our git logic anyway to support caching:
#147 (comment)


bradrydzewski avatar bradrydzewski commented on July 19, 2024

I wanted to document a conversation I'm having on our mailing list. It looks like GitHub now offers admin:repo_hook which means we can probably re-think our scopes and require much less invasive permissions.

I think we should use these scopes:

admin:repo_hook  -> this allows us to write hooks to the repo  
repo:status      -> this allows us to write the build status to github
user:email       -> this allows us to retrieve the user details, including the email

We wouldn't be able to add an SSH key to the repository with the above scopes, however, this would be resolved (as mentioned above) by using the OAuth token to clone the repository, using the https address:

git clone https://<token>:x-oauth-basic@github.com/owner/repo.git

I believe the .netrc will still be very important. We'll need to ensure we can clone private dependencies (when using things like go get, for example). We'll need to account for this when generating our build container.

We'll also need to add the username/password to the build.Builder.Repo somewhere in the queue (I think).

I'm modifying the title of this issue to reflect the revised goal and solution.

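The .netrc approach described in the comment above, as an added example that is not drone's own code: it renders a single .netrc stanza for github.com, writes it into the build container's home directory with owner-only permissions, and redacts the userinfo from a clone URL before it is echoed to a build log. The login/password layout assumes GitHub's token-as-username convention; the token value and directory are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"os"
	"path/filepath"
)

// NetrcEntry renders one .netrc stanza. git (and therefore go get over https)
// reads .netrc, so one entry lets a build clone private dependencies without
// the token ever appearing in .drone.yml or the build script.
func NetrcEntry(machine, login, password string) string {
	return fmt.Sprintf("machine %s login %s password %s\n", machine, login, password)
}

// WriteNetrc writes the entry to <dir>/.netrc and forces mode 0600: the file
// holds a live credential, so nothing but the build user should read it.
// os.WriteFile's mode is subject to umask and is ignored for an existing file,
// hence the explicit Chmod afterwards.
func WriteNetrc(dir, entry string) (string, error) {
	path := filepath.Join(dir, ".netrc")
	if err := os.WriteFile(path, []byte(entry), 0o600); err != nil {
		return "", err
	}
	if err := os.Chmod(path, 0o600); err != nil {
		return "", err
	}
	return path, nil
}

// RedactURL replaces any userinfo in a clone URL with a placeholder, so a
// token embedded as https://<token>:x-oauth-basic@host/... is not leaked when
// the clone command is printed to the build output. URLs without userinfo
// are returned unchanged.
func RedactURL(raw string) string {
	u, err := url.Parse(raw)
	if err != nil || u.User == nil {
		return raw
	}
	u.User = url.User("REDACTED")
	return u.String()
}

func main() {
	// Constructed token; a real one comes from the user's OAuth grant.
	entry := NetrcEntry("github.com", "tok_example_123", "x-oauth-basic")
	path, err := WriteNetrc(os.TempDir(), entry)
	if err != nil {
		panic(err)
	}
	fmt.Println("wrote", path)
	fmt.Println(RedactURL("https://tok_example_123:x-oauth-basic@github.com/owner/repo.git"))
}
```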

bradrydzewski avatar bradrydzewski commented on July 19, 2024

Maybe I spoke too soon... It looks like to clone a repository we still need to request the repo scope, which requires read/write access to a repository.

I see GitHub has been doing a lot of work to add more fine-grained scopes. @calavera are there plans to create a scope that can clone a repository without requiring write access? Something like repo:read?


aadavids avatar aadavids commented on July 19, 2024

Yes, the lack of a repo:read scope was the main roadblock I ran into when I was investigating this. Having that scope would be very useful.
AFAIK, the only way right now to clone a private repository without also requiring write access is to create a "machine user" with read-only permissions to the repository, which was the workaround I suggested on the mailing list. Unfortunately this user cannot create commit statuses and repo hooks on the organization's private repos.


bradrydzewski avatar bradrydzewski commented on July 19, 2024

Yep, the GitHub team has clearly been putting a lot of effort into security and scopes, which is awesome. I wouldn't be surprised if repo:read was on their roadmap. Hopefully @calavera has some inside information he can share :)


lilith avatar lilith commented on July 19, 2024

Would it be possible to let the user choose public_repo instead of only repo? I don't need drone.io for my private projects.


bradrydzewski avatar bradrydzewski commented on July 19, 2024

Fixed by #1511.
