This week, the Shippable team had the opportunity to present 'Modern DevOps with Docker' (describing our internal transformation - see below for more) and engage with the community at ApacheCon 2015 in Austin, TX. We saw firsthand how the thriving group of dedicated professionals in the Apache community is tackling big challenges across the full tech spectrum. In addition, while in Austin, we had the chance to connect with the tight-knit and talented DevOps Austin community and learn from their perspectives. It was an energizing three days.
We recently found a bug that prevented us from deleting webhooks on GitHub when a user who had authorized Shippable only for public repositories deleted a project on Shippable. The root cause of this bug is that we have the write:repo_hook scope for public repositories, and this scope does not include permission to delete a webhook. From GitHub documentation https://developer.github.com/v3/oauth/#scopes -
Who is affected by this?
Existing users who have authorized Shippable only for GitHub public repos.
The Shippable team believes that feedback is the breakfast of champions! One of the questions we are regularly asked is: why does Shippable need read/write permissions to all my repos?
So, we would like to explain. We use read/write permissions for your repos only to auto-configure webhooks. To make webhooks work, we need to add deploy keys to your repos. We never touch your code. You can control access: allow access to public repos only, or to public and private repos. We don't ask for blanket permissions.