Github: readonly access to a private repo

143
votes

I am developing some private projects on Github, and I would like to add nightly cronjobs to my deployments servers to pull the latest version from github. I am currently doing this by generating keypairs on every deployment server and adding the public key to the github project as 'Deployment key'.

However, I recently found out that these deployment keys actually do have write access to the project. Hence, every of the server administrators could potentially start editing. Furthermore I can add every deployment key to only one repository, whereas I would like to be able to deploy multiple repositories on one and the same deployment server.

Is there a way to provide read-only access for private repositories to selected users on Github?

4
gitgithubcollaborationreadonlypublic-key
You want to have restricted read only access, isn't it? If you want unrestricted read-only access, you can use git:// protocol instead of ssh:// (ssh+git://).Jakub Narębski

4 Answers

71
votes

I have it on good authority that the (relatively new) "Organizations" feature allows you to add people with read-only access to a private repository.

43
votes

For anyone else finding this question, know that nowadays you can in fact create read-only deploy keys:

https://github.com/blog/2024-read-only-deploy-keys

You can still create deploy keys with write access, but have to explicitly grant that permission when adding the key.

1
votes

For Organizations: I suggest creating a new team specifically for the user. This team can then grant read-only access to the repositories you specify. I hope this helps!

-1
votes

I know that the questions is about github but maybe for some readers it would be nice to know that this is possible in gitlab and for free. Check https://gitlab.com/help/user/permissions. I spend some time using github without fully serving my purposes. If I knew then I would have started this particular project with gitlab.