OSS GitHub app that proxies non-GitHub users to access GitHub code and create issues/PRs? Bonus points if written in Go. - ThreadSky

About ThreadSky

pires.dev • 31 days ago

OSS GitHub app that proxies non-GitHub users to access GitHub code and create issues/PRs? Bonus points if written in Go.

Comments

chmarny.com•31 days ago

Issues, I can see being valuable. PRs by non-auth’d users though would have to assume defensive CI on the repo itself to prevent execution of malicious code as part of PR qualification.

pires.dev•31 days ago

As a org/repo owner you have full control of the permissions given to the app. The app is helpful at least when you want to give access to, say a company you hired for an audit without having to do per-user access control, ie add external contributors.

pires.dev•31 days ago

This also gives the ability for the owner of the app to do access control (who and when from their end can access the proxy), and retain IP easily.

pires.dev•31 days ago

On the attack front, I think there's no need for a different stance when it comes to protecting from malicious human vs robot contributions. If anything, the proxy must do IAM well.

pires.dev•31 days ago

I read your post too quickly, my bad. We're aligned. The proxy MUST have its own IAM. Said IAM can leverage GitHub identities or something else entirely.

Posting Rules

Be respectful to others
No spam or self-promotion
Stay on topic
Follow Bluesky's terms of service

Comments

Posting Rules

Reply