Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for Private Repositories #13

Open
1 of 3 tasks
carter2422 opened this issue Nov 25, 2016 · 6 comments
Open
1 of 3 tasks

Support for Private Repositories #13

carter2422 opened this issue Nov 25, 2016 · 6 comments
Labels
enhancement

Comments

@carter2422
Copy link
Member

carter2422 commented Nov 25, 2016
edited by TheDuckCow
Loading

Updated status on private repo implementation, via @TheDuckCow

  • GitLab private support
  • GitHub private support
  • Bitbucket private support

See below for details
@carter2422 carter2422 mentioned this issue Nov 25, 2016
Closed
@diegogangl
Copy link

Apparently the way to do this is using either Personal Tokens or Applications (in Github settings).
I'm not clear how this would work with multiple users though.

References

Tutorials/stuff on the net

@carter2422
Copy link
Member Author

I'll have to read into all the above, thanks @diegogangl.

From your understanding, any thoughts on how to best keep the tokens private while still needing access from within a publicly distributed codebase? e.g. allow anyone with a copy to download updates from a private repo.

@TheDuckCow
Copy link
Collaborator

Indeed thanks @diegogangl. My guess as a potential direction to take, similar to how the blender institute's addon is shared with a compiled pyc file, it might be necessary (or at least advisable) for developers to distribute the addon with the compiled code only and safely store the SECRET KEY in the pyc module. Otherwise, of course everything would ultimately be exposed in plain text code anyways. That being said, would still need to be careful and see if restrictions can be locked onto a key. E.g. you wouldn't want someone to use the addon as a way to hack into a repo and have things like write or delete privileges.

The OAuth 2.0 looks like the direction that should be taken, over having personal access keys and certainly the most basic auth method, but nonetheless the above statement would still apply around concealing the secret. I need to understand how to control OAuth restrictions better too.

@TheDuckCow
Copy link
Collaborator

Update:

I have 80% implemented accessing private repositories for Gitlab and will be exploring similar methods for Github and bitbucket. The way it works now for gitlab is a user can create a personal token, define it to only work/support the api access (as opposed to other permissions like write etc), and this token is added in the header of requests to the private repo with success. This setup would likely vary depending on the "engine" or service used, but could be made to be configured as a part of the engine code setup itself to be generic and consistent on how to set it up between the different services.

@TheDuckCow
Copy link
Collaborator

Support for GitLab private repos has existed for a little while now, but to put it explicitly, here's a status on the implementation:

  • GitLab private support
  • GitHub private support
  • Bitbucket private support

Will be revisiting

@pedroalmeida415
Copy link

Hey everyone!

Any updates regarding Github private repo support?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@diegogangl @carter2422 @TheDuckCow @pedroalmeida415