My bot sends people pull requests (e.g. https://github.com/JuliaStats/Distributions.jl/pull/649). In order to do that, I of course somehow need to create a branch with the new data. Right now I request read+write permissions for Repository Contents and then push my new branch, which works well. However, that permission scope is a bit broader than what I actually need. In particular, I think my users would be much happier if the permissions were restricted to either:
- The ability to create new branches (and push to branches created by the integration)
- Read+Write permissions to a single named branch (or maybe a wildcard - I may need more than one branch in the future - e.g. allow read+write to all branches whose name starts with
- Allow the installation to have its own “forks” of repositories.
Of course one immediate solution is to create a separate machine user that hosts the forks, but it’s a bit awkward for two reasons:
- It doesn’t work on private repositories (which my app doesn’t either right now, but may in the future).
- It seems unfortunate to require a separate machine user account when the bot already has an identity.
Or maybe you can think of something else to help with my use case.