Granular scopes for GitHub
complete
Alexey
We would like to see CircleCI use the newer GitHub API to lessen the privileges needed for integration.I see that when linking GitHub with CircleCI you still require write access to pretty much everything in my GitHub account.I know, that in the past this was do to a limitation of GitHub OAuth scopes, but now that they have GitHub Apps which allows more granular permission, I would appreciate if I could specify a lower privileged access so that CircleCI cannot arbitrarily modify code in GitHub.New API should allow much more granular access so that by default you don’t get write access. I see this as a real differentiator when picking the most secure CI SAAS.
CCI-I-50
S
Sebastian Lerner
complete
https://circleci.com/docs/github-apps-integration/
Maciej Bukczynski
Yup, I have contractors working for my company who rightly hesitate to give CircleCI access to their private repos. This is a must.
Martin Grigorov
The required write+admin permissions is a stopper for using CircleCI at Apache Software Foundation (https://issues.apache.org/jira/browse/INFRA-22367)
Sarah Seaton
under review
D
Dan Rollo
We have both private and public projects, and I'm running into resistance to using CircleCI because it is requesting access to private repos. :(
PePe Amengual
Dan Rollo: same here
Liya Ai
Thomas Hallgren, Billy W, Richard Goetz - our team is aware of this & related permissions issues, and have been in active investigation. We'll share an update on what we end up prioritizing, thanks for your patience!
Thomas Hallgren
I'm involved in several organizations. Only one of them is using CircleCI. There's just no way I can give CircleCI write permissions (or even read) to all private repositories that I have access to. Right now, that prevents me from even viewing CI-build failures. Please do something about this.
B
Billy W
Still an issue. Still no support for separation of organizations and still ZERO support for the current new permission schema roles from Github. It is like they want people to move to Github Actions. Oauth should not be this hard.
R
Richard Goetz
Did this ever get anywhere? Maintainer role support is very much needed.
Otso Jousimaa
Just chiming in, CircleCI requiring even momentary full access is a blocker for my org.
Load More
→