GitHub support's the notion of dedicated repository SSH deploy keys. Those are decoupled from your user account and can be granted write access to a repository.
However, issues remains to any Hudson instance using such a key. As the Hudson user needs read access to the key and it's passphrase, it's possible for an attacker to create a Gerrit review or pull request that might expose the key. There is no way to prevent it unless it. Thus, the Mylyn team did put a whitelisting mechanism in place to auto-build/verify reviews only from trusted people. As a GitHub hosted OSS project, you should use Travis. See: https://github.com/alrra/travis-scripts/blob/master/doc/github-deploy-keys.md <https://github.com/alrra/travis-scripts/blob/master/doc/github-deploy-keys.md> and https://docs.travis-ci.com/user/pull-requests#Pull-Requests-and-Security-Restrictions <https://docs.travis-ci.com/user/pull-requests#Pull-Requests-and-Security-Restrictions> -Gunnar -- Gunnar Wagenknecht [email protected], http://guw.io/ > On 1 Nov 2016, at 09:43, Christoph Daniel Schulze > <[email protected]> wrote: > > Hi everyone, > > at the Eclipse Layout Kernel we are currently thinking about how best to > provide documentation about layout algorithms and supported layout > options to our users. The main place where we host documentation is our > GitHub wiki. What we are currently thinking about is to generate Wiki > documentation from the meta data about our algorithms at compile time > and push that to the wiki repository. > > For this to work, our Hudson instance would need write access to that > repository. One way to do that would be to give it an SSH key for my > GitHub account, but that solution doesn't appeal to me very much for > security reasons. Does anyone do something similar with less security > problems? > > I presume that it would probably be easier to give our Hudson write > access to our Eclipse website repository. However, I would prefer to > keep all documentation bundled up at a single place instead of spreading > it out over different websites. > > Cheers, > Christoph Daniel > > _______________________________________________ > incubation mailing list > [email protected] > To change your delivery options, retrieve your password, or unsubscribe from > this list, visit > https://dev.eclipse.org/mailman/listinfo/incubation
_______________________________________________ incubation mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/incubation
