Why does the user that links Docker Cloud to Github need admin level access to a repo? It would seem that it just needs read level access, wouldn’t it?
I think it had to do with that docker cloud needs to create webhooks. And it can only do that by having admin rights.
Review permission for GitHub shows:
Public and private
This application will be able to read and write all public and private repository data. This includes the following:
Webhooks and services
I do not understand why it is asking for write permission to code, issues, pull requests and settings?
I have exactly the same question.
At least with Docker Hub one can choose to grant read-only access and manually add the Docker Hub integration to a given repository
Any update on this issue?
We use Docker Hub via an organisation, and now we have to create machine user in Github and make it a member and use this machine user to connect to Github, with Admin permissions afaik. Which will give this machine user full privilege over all our repositories, and so does Docker Cloud.
I really don’t see the requirement for this. It’s an unnecessary security trade-off and also harder to manage.
If it comes down to webhooks, I’m fine adding them myself.