I have 10 main folders in this project I want to give access to the external team just in one sub-folder in my git repository so that they can make changes and submit a Pull Request.
Is there a way of doing it? If not, can you please suggest a better way?
There is no such access-rights-mechanism implemented on GitHub repositories out of the box.
Using a submodule does the trick, and is pretty much easy to set up. You can give the customers full access to the submodule repository, while you add it to your main project repository.
Note that the StackOverflow question "Using someone else's repo as a Git Submodule on GitHub" and its answer are also worth reading.
This is in my opinion the most simple and straightforward way to do it.
If you really don't want to use submodules, you can still restrict access rights by creating a GitHub webhook that implements this mechanism. The Git SCM documentation explains how to do that part.
This is free for public repositories and paid for private repositories.
Code owners are defined by adding a file named CODEOWNERS to the root of your repository.
Syntax:
# <directory or file filter> <user or group>
# Examples:
README.md @octocat
/veryimportant/ @myorganization/teamname
Documentation: https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
With paid github subscriptions, PRs can be restricted in a way that a review by a code owner is required before merging it:
Having this configured, pull requests with changes to the locations / files / directories configured via the CODEOWNERS file require a code owner review. Screenshot:
Admins and owners would still be able to commit directly to master. It is therefore recommended to apply the branch restrictions to Admins as well:
With modern Git that have Sparse checkout and partial clones I believe that it could be achieved using some kind of Git hooks. I did run some experiments here where I used some kind of Git hooks and HTTP reverse proxy + the use Git sparse checkout to allow access to only certain subfolders. This is just an experiment though.
