What GitHub permissions do you need?

DJ
Last updated 2 months ago

If you have tried to sign up for ReleasePage, you may notice that we ask for access to some resources. We need to use these in order to fetch your releases, and to keep your Release Pages up to date. We understand that allowing access to your GitHub information requires trust, so here we will detail exactly what information we use, and why.

Initial Permissions

Personal user data - Email addresses (read-only)

This allows us to verify your account and send you emails about your published Release Pages. We promise not to use your email for evil, and we wont spam you! You can unsubscribe from anything we send to you using the link at the bottom of the email.

Repositories - Public Only

This permission grants us access to read and write your public repositories. We use this information for three reasons;

  1. (Read) We list all of your public repositories in the Management Portal when you are creating a new Release Page. This allows you easily choose the ones you wish to use.

  2. (Read) When you create a Release Page, we fetch all of your existing GitHub releases to show on your page.

  3. (Write) When you publish a Release Page, we need to keep it up to date with any new releases that you publish. To do this we create a GitHub webhook, this sends us release information on the instant it is published, so your Release Page is always in sync.

Organizations and teams - Read-only access

This permission grants us read-only access to your organizations and teams. We use this information to list all of your organizations in the Management Portal when you are creating a new Release Page. This allows you to create Release Pages for multiple organisations. We never use any information about your teams.

Progressive Permissions

Repositories - Public and private

We know write permissions can be a little scary, especially to private repositories. The permissions needed to simply log in are different to those needed to publish a Release Page. Thus we allow you to add additional permissions as they are needed.​​

This permission grants us access to read and write your public and private repositories. We use this information for exactly the same three reasons as public only.

Unfortunately, there is no way to grant permission to read only the information that we need. However, we promise to always be transparent about the details we use, to never read or write any code in any of your public or private repositories, and to never use any of your information for anything other than what is detailed above.

Resources