About two weeks ago, we made a change to deppbot.com to reduce the access permissions it has on GitHub organizations and their repos.
Previously, when @deppbot was enabled on an organization repo, deppbot would do one of the following, depending on the user's access level:
Add deppbot to a "Team with admin access" ("Admin" for short)
OR
Create a "Services" team, and add deppbot and the repo to the "Services" team
This actually gave deppbot more access than it required, because both the "Admin" and "Services" teams have read/write access to all the repos in the organization.
It wasn't ideal, but that was the only way to do it before the new GitHub Organization API came along.
With the improved API, it is now possible to add collaborators to an organization repo (previously only possible for user repos), so we can do just that without having to add deppbot to any teams!
So now if you subscribe a new organization repo on deppbot.com, deppbot will add itself as a collaborator to the repo, instead of relying on teams.
This means deppbot will only have read/write access to the repo and nothing else in the organization.
Thank you for reading.
@winston ✏️ Jolly Good Code
About Jolly Good Code
We specialise in Agile practices and Ruby, and we love contributing to open source.
Speak to us about your next big idea, or check out our projects.
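The difference between the team-based setup and the collaborator setup described in the post can be checked by computing a service account's effective reach. The following is an added example, not code from the original post or from deppbot; the organization layout, repo names and helper names are constructed for illustration.

```ruby
PERMISSION_RANK = { "pull" => 1, "push" => 2, "admin" => 3 }.freeze # push = read/write

# Returns { repo => highest permission } for login, merging team grants
# with direct collaborator grants.
def effective_access(org, login)
  access = {}
  grant = lambda do |repo, perm|
    current = access[repo]
    access[repo] = perm if current.nil? || PERMISSION_RANK[perm] > PERMISSION_RANK[current]
  end
  org[:teams].each do |team|
    next unless team[:members].include?(login)
    # repos: :all models a team that reaches every repo in the organization.
    repos = team[:repos] == :all ? org[:repos] : team[:repos]
    repos.each { |repo| grant.call(repo, team[:permission]) }
  end
  org[:collaborators].each do |repo, users|
    grant.call(repo, users[login]) if users.key?(login)
  end
  access
end

# Repos the account can write to but was never subscribed on.
def excess_write_access(org, login, subscribed)
  effective_access(org, login).select do |repo, perm|
    PERMISSION_RANK[perm] >= PERMISSION_RANK["push"] && !subscribed.include?(repo)
  end.keys.sort
end

# Constructed sample organization (hypothetical repo names).
REPOS = %w[api billing infra website].freeze
# Old model: the bot sits in a "Services" team with read/write on every repo.
TEAM_MODEL = {
  repos: REPOS,
  teams: [{ name: "Services", permission: "push", repos: :all, members: ["deppbot"] }],
  collaborators: {}
}.freeze

# New model: the bot is a direct collaborator on the one subscribed repo.
COLLABORATOR_MODEL = {
  repos: REPOS,
  teams: [],
  collaborators: { "website" => { "deppbot" => "push" } }
}.freeze

if __FILE__ == $PROGRAM_NAME
  p excess_write_access(TEAM_MODEL, "deppbot", ["website"])
  p excess_write_access(COLLABORATOR_MODEL, "deppbot", ["website"])
end
```

An empty result for an account means its write access matches the repos it was enabled on; anything listed is access the integration does not need.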