Support private repositories #22

Open
bradleyfalzon opened this Issue Nov 24, 2016 · 0 comments

bradleyfalzon commented Nov 24, 2016

Currently only public repositories are tested. We should support private repositories too.

This may require:

  • Ability to clone a private repository.
  • Mark the repository as private in the database when storing build metadata, to ensure the public cannot see the individual build status (use the following to verify: https://platform.github.community/t/check-user-access-for-a-given-repo/2661).
  • Remove public records of public repositories when they are changed to private (may not be required, as we don't store public records that will need to be removed, we'll just require authentication).
  • API requests for private repositories need to be authenticated (such as those in GitHub handler as well as the summary page for grabbing diff).
  • Removal of ignoring private repositories done in #73.

Relates to #8 due to per repository public visibility.

Note, this may not support dependencies that are also private.

bradleyfalzon added a commit that referenced this issue Aug 8, 2017

Ignore GitHub private repositories
We do not currently support private repositories because we do not
use tokens to clone the repositories URLs, and the build status
pages are not currently authenticated.

This results in clone errors failing the build, and if that is fixed
could result in information leak on the build summary page.

As a stop gap, we'll ignore requests for private repositories. This
won't provide any feedback to the user, which is unfortunate, but to
do that would require a different way to ignore repositories that
provides feedback, the longer term goal is to simply support private
repositories correctly.

Fixes #73.
Relates to #22.
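
An added example, not part of the original issue, the commit, or the project's code: one way to gate the build summary page on a stored private flag so that unauthenticated or unauthorised requests get the same answer as a missing build. Go is an assumed language choice; `Build`, `AccessChecker`, `sampleCheck` and `BuildStatusCode` are hypothetical names and the sample data is constructed.

```go
package main

import (
	"fmt"
	"net/http"
)

// Build is a hypothetical stored build record. Private is written when the
// build metadata is saved, as the issue proposes.
type Build struct {
	RepoID  int64
	Private bool
}

// AccessChecker is a hypothetical lookup asking the code host whether a
// user can read a repository.
type AccessChecker func(userID, repoID int64) (bool, error)

// BuildStatusCode returns the HTTP status for a build summary request.
// userID 0 means the request is unauthenticated.
func BuildStatusCode(b *Build, userID int64, check AccessChecker) int {
	if b == nil {
		return http.StatusNotFound
	}
	if !b.Private {
		return http.StatusOK // public builds need no authentication
	}
	if userID == 0 {
		return http.StatusNotFound // do not reveal that the build exists
	}
	ok, err := check(userID, b.RepoID)
	if err != nil || !ok {
		return http.StatusNotFound // fail closed when the lookup errors
	}
	return http.StatusOK
}

// sampleCheck is constructed sample data: user 7 can read repo 42, and
// any lookup for repo 99 fails with an upstream error.
func sampleCheck(userID, repoID int64) (bool, error) {
	if repoID == 99 {
		return false, fmt.Errorf("upstream timeout")
	}
	return userID == 7 && repoID == 42, nil
}

func main() {
	private := &Build{RepoID: 42, Private: true}
	fmt.Println(BuildStatusCode(private, 0, sampleCheck), BuildStatusCode(private, 7, sampleCheck))
}
```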