Support for private repositories

[brunolemos]

If you want this feature for your personal private repositories, please react with a 👍.
If you want this for your team/company/organization private repositories, react with a ❤️.
Follow @devhub_app on Twitter to be notified when this becomes available.

Add support for:

• Showing activities of private repositories
• Enhance notifications of private repositories

Implementation requirements

• Request only the permissions that are strictly necessary
  • For this reason, we will need to migrate from OAuth App to GitHub App (see comparison)

Why not enable private access using the current implementation?

GitHub OAuth Apps have a very broad and dangerous permission scope. See this petition for details. For example, to be able read activities (issue comments, ...) from private repositories, we need to request the repo scope. And this is what it gives access to:

As a security precaution, DevHub does not intend to ask for this permission, since it doesn't ever need any code or write access.

---

TL/DR: This feature is planned and is high priority.
But to do it right, first we need to make DevHub work as a GitHub App instead of OAuth App. This will cause an increase of server usage and costs.

Follow @devhub_app on Twitter to be notified when this becomes available.

[ifuller1]

This will cause an increase of server usage and costs.

I'd pay some kind of licensing to use this. Pretty sure others would too, esp if it were on a per-user basis with a sensible cost.

[brunolemos]

@ifuller1 Thanks for your support! I hope more people think like you.

[grrowl]

Would be keen to kick in a few $ for server costs. Probably wouldn't subscribe per-user but would donate especially with transparency around costs on your end. Just my 2c.

[brunolemos]

@grrowl thanks!

[edasque]

Testing this in 4.7.0 (Mac Electron client). I was able to add a repo (having had to install devhub for my org) and it worked. Pretty smooth. Does this work also for the organization tab. I only see activity on public there, no activity on the private repos (the settings have checks on private & public).

[arondeparon]

Currently testing this in 0.47 as well, but even though I have installed the app, it is still telling me to "Install the Github App"

[edasque]

@Arondepardon did you authorize DevHub access to your organization?

[brunolemos]

@edasque thanks! I'll check org support. It should work.

@arondeparon weird. can you try a logout/login? I'll try to reproduce.

[brunolemos]

@arondeparon oh you tried via a private notification instead of a column, right?
Yeah if you logout/login it will work, it's missing a required token. I'll better handle this case.

[arondeparon]

Thanks, working now!

[edasque]

@brunolemos let me know what I can do to help diagnose.

[brunolemos]

@edasque unfortunately it doesn't seem to be possible yet :(

The endpoint required to access private organization events is not available to GitHub Apps yet. See image below, it doesn't have the same icon as the public endpoint has:

When I try to access this endpoint it returns an error Resource not accessible by integration.
We will need to wait for GitHub to implement this. For now you can create a column for each private repo.

I'll add an indicator to show which column types support private content:

[brunolemos]

Hello everyone,

Support for private repositories is now available on all platforms! (Android, iOS, Web, Desktop)
Please try it out and send feedbacks here (or anonymous here). 💙

Just tweeted about it, in case you want to show some support:
https://twitter.com/devhub_app/status/1101138702749888515