Is there a GitHub API scope that links to a single repository? - api

I'm writing an application that links to a user's github account. It will push some files to their github account. I only need access to a single repo (of their choosing), but from the github docs it seems that there's only:
read/write access to all public repos
read/write access to all repos (public AND private)
No way to lock down auth to a single repo, is that correct? I mostly wanted to do this for the user's peace of mind, rather than any requirements at my end (from my app I can get them to select which repo to push to).
Source: Github oauth docs

Related

How to know if repository's Security policy and Security advisories are Enabled/Disabled with Github API?

I'm trying to get the two following values for a Github repository using the Github API but I've been unsuccessful so far:
Is there a way to get these two pieces of information from the API provided by Github, at least for public repos?
Thanks.

How to Allow Access to a user on a private repo via Api on Github?

Is there a way to give access to a Github user by passing his username or id to some API?
Another solution to automate access to the repo is welcome too.
Thanks!
I couldn't find any endpoint in the docs :/

Shopify API Credentials Exposed

I received an email from Shopify like this:
This is Shopify’s Partner Governance team. We are reaching out as our security team discovered that secret API credentials for the Public/Draft app S**y have been exposed in the following public repository:
We require that you eliminate this vulnerability by a) closing the above exposure, and b) address the vulnerable app by re-creating a new version of the app with new credentials and deleting the exposed app
So, do I have to delete the Shopify app, or is it fine if I only delete that repo?
As I don't want to remove old app because getting an access of some points in Shopify app but it will take too much time.
You should follow what they are saying. You don't need to delete the app.
You remove the credentials from the repository (keep in mind that it is not sufficient to just remove the file and push, because it will still be in the git history; see "How to remove file from Git history?").
You go into the app settings on shopify.dev and recreate your API secrets.
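The answer's point that removing the file and committing leaves the credential in history, shown as an added example that is not part of the original answer. The repository, the file name `config.env`, the function names and the placeholder secret are all constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: throwaway repository and a constructed placeholder secret.

# Print every commit in repo $1 whose tree contains the literal string $2.
commits_containing() {
    repo=$1; needle=$2
    for c in $(git -C "$repo" rev-list --all); do
        # git grep exits 0 when the string is present in that commit's tree
        if git -C "$repo" grep -q -F -e "$needle" "$c" -- 2>/dev/null; then
            echo "$c"
        fi
    done
}

# Reproduce the situation from the answer:
# commit 1 adds the secret, commit 2 deletes the file that held it.
make_demo_repo() {
    repo=$(mktemp -d)
    git -C "$repo" init -q
    git -C "$repo" config user.email "demo@example.invalid"
    git -C "$repo" config user.name "demo"
    git -C "$repo" config commit.gpgsign false
    printf 'API_SECRET=%s\n' "$1" > "$repo/config.env"
    git -C "$repo" add config.env
    git -C "$repo" commit -q -m "add config"
    git -C "$repo" rm -q config.env
    git -C "$repo" commit -q -m "remove config"
    echo "$repo"
}

# Prints "<files in working tree with the secret> <commits with the secret>".
demo() {
    secret="EXAMPLE_PLACEHOLDER_SECRET_0000"   # constructed value
    repo=$(make_demo_repo "$secret")
    in_tree=$(grep -rF --exclude-dir=.git -l "$secret" "$repo" | wc -l)
    in_hist=$(commits_containing "$repo" "$secret" | wc -l)
    rm -rf "$repo"
    echo "$((in_tree)) $((in_hist))"
}

demo   # prints "0 1": gone from the working tree, still in one commit
```

A non-zero second number means the credential is still retrievable from the repository, so it has to be regenerated as the answer says, whatever the current working tree looks like.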

Set permissions for different namespaces in Azure DevOps using Rest API

How can I use the REST API to set permissions for Build definitions, Release definitions, git repo and team securities? When I was using TFS, I was able to do this using the TFSSecurity.exe tool.
Edited.
For example, I am trying to modify the project permissions of the Contributors group, like allowing Contributors to rename the team project, etc.
Are you looking for the Security API page?
You probably need to manage group membership using Graph API.
The Get started page lists the libraries you can use and how to authenticate.
There isn’t a REST API to change the permissions of release definitions and git repos. Other contributors have submitted a User Voice item that you can vote for: Set version control permissions by REST API
For details, please refer to these links:
VSTS REST API to change security permissions on Release definition or Release definition environment
Use VSTS Rest API to set git repo permissions
Hope this helps.

How do I use Gemfury tokens securely in CircleCI?

I'm using gemfury to host a private package that will be used by other people in my github organization. I'm also using CircleCI (but this applies to any CI system) for building/pushing.
My CI setup watches for any new tags in github and then pushes this new tag to gemfury.
My issue with the current setup is that I'm using my personal access token to authenticate. To me, this means the builds are dependent on my status as collaborator of the organization, and would break if I were to leave. I know I could instead use the Account token, but it feels insecure (what happens if the token is compromised?).
Ideally I would be able to generate application-specific push tokens that belong to the organization, and use those in CircleCI. If the token is compromised, it could be easily revoked and it wouldn't break other applications. However, gemfury does not offer this option.
I think my only option is to create a "fake" CI user and add it to my github organization. I could then use this user's personal token to push builds. Is this correct? Are there any other better approaches? I don't want to have to add a fake user for every package.
You are in luck!
Under the menu item Tokens when logged in, you can find a tabbed interface, where Push tokens can be created:
Push tokens βeta
These tokens can authorize new package uploads for this account.
You can integrate these into your CI builds, etc.
These are impersonal, and can be used for this!
Good luck!