I have a github app that invoke Jenkins pipeline (in Enterprise github) which uses /api/v3/app/installations/${payload_installation_id}/access_tokens to create an access token.
I am able to clone repositories using that access token as long as they are public.
I ran into a problem where one of the repositories I'm using has submodules and one of the submodules are private.
What do I need to do to give this github app access to that private repository?
I did confirm that changing that repo to be public is solving the problem but there is a reason that repo need to be private.
Related
I recently created a private git repository for a project with my friends but I don't want all of them to be collaborators. Can I give some of them the ability to only create pull requests and not merge them?
You could have used protected branches, but they are only available with private repositories for GitHub pro, not GitHub free.
One workaround is simply to create a second private repository for your friends: thy can push to it, and make pull requests to your private repository from there.
I am having a difficult time cloning a private repository in my Travis CI script.
How can I supply my credentials to clone a GitHub repository from the command line?
The easiest way to clone a repository with the bare minimum credentials is to use OAuth protocol authentication using a "Personal Access Token".
First, you will need to generate a Personal Access Token from your GitHub account that has privilege to the private repository. Then use the following command format to clone the repository using OAuth.
git clone https://<personal_access_token>:x-oauth-basic#github.com/<user>/<repo>.git
One of our users create a private repository within and organisation on GitHub Enterprise. He added a collaborator, but this person get 404 error when trying to access the repo. I added my account to this repo and all works fine for me.
Added collaborator is in the same organisation, repo is visible on his profile, link to repo is fine too (it works for me and repo owner).
I was searching the answer in Internet, but no luck.
Do you have any idea, what can cause this situation?
This usually happens because the user who is having an issue's client isn't properly authenticating.
You can read more about it here: https://developer.github.com/v3/troubleshooting/
So, my question is:
How to access private repositories of Bitbucket/Github or any other online web-based version control repository hosting service.
Any feedback is most welcome.
Thanks
Steve Washer
I'll only speak for github as a daily github user. The only way to access them is either by being member of the repository or outside collaborator of the repository. Owner of the repo can add you to it in the repository Settings.
Another way is to ask any of the members to provide you the personal access token, which you could use to read the repository via the API. This is however, unsafe.
Yet another way is asking the repository owner or any repo user to add your public SSH key to his account so you may have repo access (clone, commit) without ability to view it on github.com
Summary: you always need to talk to the owner or any of the current repository members. Private repo will never be accessible otherwise.
My organization has a private repo and we've brought on a few contractors and given them access to the code base.
These contractors have been forking the code base, and I wanted to evaluate the potential security implications of that.
Could any of these forkers make the code public if they choose to?
If their access is removed from the original project, will their access to the forked repo also be removed?
Could any of these forkers make the code public if they choose to?
Yes, they can push it to a new public Git repo (on GitHub or any other Git hosting service)
If their access is removed from the original project, will their access to the forked repo also be removed?
See "Removing a collaborator from a personal repository"
While forks of private repositories are deleted when a collaborator is removed, the person will still retain any local clones of your repository.
For a better security, contractors usually operate on PCs inside the organization through VPN. Those PCs can then limit or prevent internet access.