Github: readonly access to a private repo

Question

I am developing some private projects on Github, and I would like to add nightly cronjobs to my deployments servers to pull the latest version from github. I am currently doing this by generating keypairs on every deployment server and adding the public key to the github project as 'Deployment key'.

However, I recently found out that these deployment keys actually do have write access to the project. Hence, every of the server administrators could potentially start editing. Furthermore I can add every deployment key to only one repository, whereas I would like to be able to deploy multiple repositories on one and the same deployment server.

Is there a way to provide read-only access for private repositories to selected users on Github?

You want to have *restricted* **read only** access, isn't it? If you want *unrestricted* read-only access, you can use `git://` protocol instead of `ssh://` (`ssh+git://`). — Jakub Narębski, May 19 '10 at 21:27

pmdj · Accepted Answer · 2019-11-17T12:49:56.710

76

I have it on good authority that the (relatively new) "Organizations" feature allows you to add people with read-only access to a private repository.

edited Nov 17 '19 at 12:49

answered Nov 08 '10 at 18:03

pmdj

22,018
3
52
103

30

That is actually a workaround as you need to create a personal account. They could've designed this better by allowing the creation of API tokens per organization with rights thus eliminating the workaround to either compromise a team member's account or to create a fake personal account. – nikolay May 29 '13 at 04:26
29

Too bad you've got to pay $25/mo for that feature. For a small site, that $300/yr can pay for a lot of hosting elsewhere. Thanks @Trindaz – Joseph Lust Apr 30 '14 at 15:21
8

That's why BitBucket is not a second fiddle to Github. – treecoder Mar 20 '15 at 03:16
2

This answer is outdated. See the answer on read-only deploy keys. – Hauke Nov 25 '17 at 11:29

score 51 · Answer 2 · answered Oct 18 '16 at 19:38

51

For anyone else finding this question, know that nowadays you can in fact create read-only deploy keys:

https://github.com/blog/2024-read-only-deploy-keys

You can still create deploy keys with write access, but have to explicitly grant that permission when adding the key.

answered Oct 18 '16 at 19:38

Adam Reis

4,165
1
44
35

1

Unfortunately deploy keys can be used only for SSH access. – pabouk - Ukraine stay strong Jun 05 '22 at 20:44

score 2 · Answer 3 · answered Sep 07 '17 at 19:37

2

For Organizations: I suggest creating a new team specifically for the user. This team can then grant read-only access to the repositories you specify. I hope this helps!

answered Sep 07 '17 at 19:37

chainwork

2,890
4
30
29

score 2 · Answer 4 · answered Jun 05 '20 at 20:54

I know that the questions is about github but maybe for some readers it would be nice to know that this is possible in gitlab and for free. Check https://gitlab.com/help/user/permissions. I spend some time using github without fully serving my purposes. If I knew then I would have started this particular project with gitlab.

Github: readonly access to a private repo

4 Answers4

Linked

Related