I want to add a SSH key to my github repo with the ability to read from the repository and push, but without the ability to delete anything. In other words, I want to add a deploy key with RW access rights instead of RW+. How can I do this?
I know about the possibilities to configure the protection of branches, but I would like not to prohibit deleting anything from branches at all, but to prohibit deleting using a specific key.
The RW+ convention comes from gitolite conf file and reference the ability to git push --force, which allows for rewind/delete commits.
With GitHub, that would not be linked to authentication (through SSH key or HTTPS token), but with branch protection:
By default, each branch protection rule disables force pushes to the matching branches and prevents the matching branches from being deleted.
You can optionally disable these restrictions and enable additional branch protection settings.
I know about the possibilities to configure the protection of branches, but I would like not to prohibit deleting anything from branches at all, but to prohibit deleting using a specific key.
At first, only branch protection comes with that kind of feature, as illlustrated here.
But, since Dec. 2021, you also have:
Specify who can force push to a repository
Now, you can be specific about the people and teams who are allowed to force push. As shown in the image below, select Allow force pushes and Specify who can force push. Then, search for and select the people and teams who should be allowed to force push.
So if your SSH key reference a dedicated user, listed in the setting above, then said user would not be able to force push for that repository.
