I am developing some private projects on Github, and I would like to add nightly cronjobs to my deployments servers to pull the latest version from github. I am currently doing this by generating keypairs on every deployment server and adding the public key to the github project as 'Deployment key'.
However, I recently found out that these deployment keys actually do have write access to the project. Hence, every of the server administrators could potentially start editing. Furthermore I can add every deployment key to only one repository, whereas I would like to be able to deploy multiple repositories on one and the same deployment server.
Is there a way to provide read-only access for private repositories to selected users on Github?
I have it on good authority that the (relatively new) "Organizations" feature allows you to add people with read-only access to a private repository.
For anyone else finding this question, know that nowadays you can in fact create read-only deploy keys:
https://github.com/blog/2024-read-only-deploy-keys
You can still create deploy keys with write access, but have to explicitly grant that permission when adding the key.
For Organizations: I suggest creating a new team specifically for the user. This team can then grant read-only access to the repositories you specify. I hope this helps!
来源:https://stackoverflow.com/questions/2868432/github-readonly-access-to-a-private-repo