For Github Apps (not to be confused with Github oAuth apps), I want to create a read-only deploy key on a user’s project.
However it looks like:
- The user token retrieved from the oAuth flow doesn’t have permission to do this
- The Github App can do this, but requires the
Administrationpermission, which also gives our application a LOT of permissions, such as deleting the repository.
Am I missing anything? The goal would be to create a read-only deploy key without also giving the application permission to be destructive.