7

I'm currently working on setting up Drone for CI and I've already managed to register it as an OAuth app with our Github Enterprise. In our case, the Drone OAuth app is owned by one of the organizations I'm part of. Our organizations host private Git repos only. When I first started the Drone server without specifying any Github scope values via DRONE_GITHUB_SCOPE explicitly, the Drone server had access to my Github user's private and public repos and also to all repos of the organizations I belong to.

What I'd like to achieve is that Drone only has access to the private/public repos of the organization it is owned by. So far, I didn't figure out if that is possible with Github OAuth scopes and, if this is the case, how to configure it correctly. Can anybody help with this?

Cheers,

Patrick

pklndnst
  • 726
  • 2
  • 10
  • 27

1 Answers1

2

Based on https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/, it looks like that's not possible, which is a shame. The only way to grant full access to a public or private repository is to use the repo scope, which enables the following:

Grants full access to private and public repositories. That includes read/write access to code, commit statuses, invitations, collaborators, adding team memberships, and deployment statuses for public and private repositories and organizations.`

There doesn't appear to be a scope that limits permissions based on organization. Hopefully GitHub enables this in the future :(

zgreen
  • 4,182
  • 1
  • 24
  • 19