How to allow a 3rd party to create a repo (repo transfer) in our Org without letting them see our private repo? - github

We have hired a 3rd party to work on a project, we started by not creating any Repo on our Github, but they started with their Repo. So now it's time to transfer the repo. However, in order to transfer the repo, the developer is asking permission to create a Repo in our Org... but as far as I know, I can only invite him first as a collaborator, a member, before he can create any private repo in our Org... that means he can see our other repo...
I couldn't find any good answer online, please help. Thanks!

Have you tried using Github's Organization features? You can create an organization with your team members in it, and control who has access to what.
Here's a Github page that explains a bit more about how it works.

Do not add them as a member to your Org! (this is the only option today from Github, nor owners...of course). If you do so, this will give your external developer access to all of your repos.
The only way I found you can safely invite an external user is to create a Repo first, then add them in that Repo. By doing that, they will be invited only to that repo, and have no access to the others.
This is my workaround. If you have a better solution, please do comment. I am curious how the "transfer" feature works.
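
To confirm the setup described in the answer above, the following added example (not part of the original post, and not GitHub's own code) audits an external account against data shaped like GitHub's REST responses for organization members and repository collaborators. The org, repo and user names are constructed, and treating admin rights on the project repo as a finding is an assumption of this example.

```python
# Added example: confirm an external developer is scoped to exactly one repo.
# Inputs follow the JSON shape of GitHub's REST responses for
#   GET /orgs/{org}/members  and  GET /repos/{owner}/{repo}/collaborators
# All org, repo and user names below are constructed for illustration.

SAMPLE_MEMBERS = [{"login": "alice"}, {"login": "bob"}]

SAMPLE_COLLABORATORS = {
    "acme/vendor-project": [
        {"login": "alice", "permissions": {"admin": True, "push": True, "pull": True}},
        {"login": "ext-dev", "permissions": {"admin": False, "push": True, "pull": True}},
    ],
    "acme/internal-billing": [
        {"login": "alice", "permissions": {"admin": True, "push": True, "pull": True}},
        {"login": "bob", "permissions": {"admin": False, "push": True, "pull": True}},
    ],
}


def audit_external_access(login, allowed_repo, org_members, repo_collaborators):
    """Return findings; an empty list means the account is scoped as intended."""
    want = login.lower()  # GitHub logins are case-insensitive
    findings = []
    # Membership applies the org's base permission to every repo in the org.
    if any(m["login"].lower() == want for m in org_members):
        findings.append(f"{login} is an organization member")
    granted = False
    for repo, collaborators in sorted(repo_collaborators.items()):
        for c in collaborators:
            if c["login"].lower() != want:
                continue
            if repo != allowed_repo:
                findings.append(f"{login} can reach unexpected repo {repo}")
                continue
            granted = True
            # Assumption: the vendor needs push, not admin, on the project repo.
            if c.get("permissions", {}).get("admin"):
                findings.append(f"{login} has admin on {repo}")
    if not granted:
        findings.append(f"{login} has no access to {allowed_repo}")
    return findings
```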

Related

Show commits and description but hide code in repository [Github]

I've almost done my first big project in React+Typescript+Redux and started it on Firebase with users and some database connected with logged users.
It was supposed to be my portfolio project before looking for my first dev job, but it started to be very complex.
Now I have an idea to use it in the future to make a commercial app.
So the problem is I don't want to publish my code on github, but at the same time I want to publish all my commits and repository description on Github for recruiters (and all my tasks from trello table). Is it possible to publish only commits and description from github repository?

No, this is not possible. If your repository is public, anyone can clone the entire repository. The only way to make your code inaccessible is to make the repository private, which means nobody can see it without having permission.

GitKraken and SourceTree, code privacy?

Just for my curiosity: when I use these tools only to sync with a repo in a private network,
is my code privacy protected, although GitKraken asks for GitHub login?
Thanks,

I know it's a bit late, but if someone else stumbles upon this, I might as well give some advice. Note: I am assuming Windows as OS.
There are two main things regarding privacy in this case:
Access to code which is associated with your GitHub account
Access to your local (cloned) code
SourceTree will use some key you provide via Pageant to clone, pull, push, etc. from your remote repository. You decide which key you use, e.g., if using a deploy key for some repository it will only be able to "interact" with this repository.
For GitKraken it is basically the same when you use a GitKraken account. If you use your Github account to sign in or you want to use the Glo feature, GitKraken asks for full admin access as well as read/write permissions on all public and private repositories.
With that being said, both naturally need to access at least the repository with which you want to work and could, in theory, transfer your code from this repository to a third party (or themselves).
TL;DR
There is no real (as in proven) privacy for your code when using a git client

'Symlink' a github repository

Is it possible to 'symlink' to a github repository? That is, have a github repository at github.com/user1/symlink_to_project seamlessly point to github.com/user2/another_project? The use case is an organization that wants to link to an existing project that already has numerous issues, stars, etc. I'm not sure what the proper term for this would be in github parlance, although I've searched for mirror, link, etc.

It's not possible to "symlink" a repository, but likely what you want to do is transfer the repository to an Organization account.
More info here: https://help.github.com/articles/transferring-a-repository/
What's transferred with a repository?
When you transfer a repository, its issues, wiki, stars, and watchers are also transferred.

That's basically what git submodules are: https://git-scm.com/book/en/v2/Git-Tools-Submodules
You can do it, but if you are going to use submodules you are usually going to have a bad time in the long run.

Can the owner of a repo see clones?

I know that the owner of a repo is able to see a fork request when one is performed. But what about a clone? Can the owner of the repo see when someone clones it?

The question is too general, but let me answer the question as it stands now.
Can the owner of the repo see when someone clones it?
No, they cannot. If I go to one of your repositories and clone it to my local hard drive, the owner will not be able to view that activity. And why would you want to? Likely there are many clones of your repository.
Know that clones can live on other systems than GitHub.
Now, will the owner know that someone forked their repository on GitHub itself?
Yes, they will, assuming they pay attention.
I did the following:
Logged in as my main account
Created a repository
Set up a new dummy-account on an alternate email address
Forked the repository I created earlier
Logged back into my main account
This is what I see on my first page after logging in:
If I do the following:
Click on my repository
Click on the small 1 to the right of the "Fork" button:
Click on the "Members" tab:
Then I see this:
Conclusion:
Yes, the owner of a repository will see when someone makes a fork on GitHub, but no, they will not see it when someone makes a clone somewhere else.

As far as I found, you CAN'T know when someone clones it (if you mean exact time) nor who cloned it.
But you can know how many clones were made on which date and the number of unique cloners from this URL.
https://github.com/{username}/{reponame}/graphs/traffic
Insights tab:
However, one thing I find fishy is that unique cloners is more than unique visitors; how can someone decide to clone without even visiting the repo? I guess it may be bots in such cases.

You can use the clone graph on GitHub to find out how many times your repository's source code is actually cloned in a given day. More information can be found here: https://help.github.com/articles/about-repository-graphs/#traffic

Yes, it can be done.
Go to your account landing page- https://github.com/yourusername
Click on the repo you want to check traffic for.
Click on Insights on top navigation bar.
Click on Traffic on left navigation bar.
Voila, you will get your traffic including no of clones with a timeline.
Reference: clone graph

Open Github, find your repo, click on it. Then click on Insights and finally click on Traffic. Github shows a Traffic graph including git clones. Salutes!

As of now, we can obtain this information with the REST API /audit-log,
but it is available only to Enterprise users with org:read permission.
We can see the actual users that have performed fetch, clone and many more actions.
https://docs.github.com/en/rest/reference/orgs#get-the-audit-log-for-an-organization
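
As an added example (not part of the original answer, and not GitHub's own code), the following reads audit-log events of the kind that answer describes, as returned when Git events are requested with `include=git`, and reports clone and fetch activity by actors outside an allow-list. The log lines, org, repo and user names and the allow-list are all constructed for illustration.

```python
import json
from collections import Counter
from datetime import datetime, timezone

READ_ACTIONS = {"git.clone", "git.fetch"}

# Constructed sample, one audit-log event per line; "@timestamp" is in milliseconds.
SAMPLE_LOG = """\
{"@timestamp": 1700000000000, "action": "git.clone", "actor": "alice", "repo": "acme/internal-billing"}
{"@timestamp": 1700000600000, "action": "git.fetch", "actor": "alice", "repo": "acme/internal-billing"}
{"@timestamp": 1700003600000, "action": "git.clone", "actor": "ext-dev", "repo": "acme/vendor-project"}
{"@timestamp": 1700007200000, "action": "git.clone", "actor": "ext-dev", "repo": "acme/internal-billing"}
{"@timestamp": 1700007300000, "action": "repo.create", "actor": "alice", "repo": "acme/scratch"}
"""

# Assumed allow-list: who is expected to read each repository.
EXPECTED_READERS = {
    "acme/internal-billing": {"alice"},
    "acme/vendor-project": {"alice", "ext-dev"},
}


def parse_events(text):
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def git_read_report(events, expected_readers):
    """Count clone/fetch events per (actor, repo, action) and list unexpected reads."""
    counts = Counter()
    unexpected = []
    for ev in events:
        action = ev.get("action")
        if action not in READ_ACTIONS:
            continue  # ignore pushes and non-Git events
        actor = ev.get("actor", "(unknown)")
        repo = ev.get("repo", "(unknown)")
        counts[(actor, repo, action)] += 1
        # A repo missing from the allow-list has no expected readers at all.
        if actor not in expected_readers.get(repo, set()):
            when = datetime.fromtimestamp(ev["@timestamp"] / 1000, tz=timezone.utc)
            unexpected.append((when.isoformat(), actor, repo, action))
    return counts, unexpected
```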

As long as you have access to the repo, aka an SSH key on the filesystem with the remote, then yes. You would do as follows:
git fetch some_remote
git log some_remote/some_branch

How do I make a readonly mirror of my github repo?

We need to have a read only github repo that mirrors our main branch.
I've noticed castle have managed to do it with their entire collection of repositories.
How would I go about achieving this?

Castleproject is an organization (also mentioned here) in order to restrict write access.
That is why you see read-only addresses on their projects.
That also means it (ie the organization "castleproject") can add users with read-only rights.
As a simple user owning a GitHub repo, you wouldn't have access to that feature.
You need to define an "organization".

I believe this is what you are looking for right here:
http://justcramer.com/2011/05/09/creating-a-one-way-git-server-mirror/