Why does the user that links Docker Cloud to Github need admin level access to a repo? It would seem that it just needs read level access, wouldn’t it?

I think it had to do with that docker cloud needs to create webhooks. And it can only do that by having admin rights.

Review permission for GitHub shows:

Repositories
Public and private
This application will be able to read and write all public and private repository data. This includes the following:
Code
Issues
Pull requests
Wikis
Settings
Webhooks and services
Deploy keys

I do not understand why it is asking for write permission to code, issues, pull requests and settings?

I have exactly the same question.

At least with Docker Hub one can choose to grant read-only access and manually add the Docker Hub integration to a given repository

Any update on this issue?

We use Docker Hub via an organisation, and now we have to create machine user in Github and make it a member and use this machine user to connect to Github, with Admin permissions afaik. Which will give this machine user full privilege over all our repositories, and so does Docker Cloud.

I really don’t see the requirement for this. It’s an unnecessary security trade-off and also harder to manage.

If it comes down to webhooks, I’m fine adding them myself.