Understanding what Gatsby Cloud needs access to and why
Gatsby Cloud integrates with GitHub and a variety of CMS providers, to do a lot of the manual integration steps like provisioning new sites or CMS workspaces and configuring details like environment variables for you.
In order to integrate these services, Gatsby Cloud requests some permissions so that it can perform operations across your organization’s repositories and workspaces on your behalf. Only the permissions necessary for Gatsby Cloud are asked for, and are only used to help improve the offered services.
When you first get started using Gatsby Cloud with Github, you’ll be greeted by a screen like this:
As shown in the screenshot, the permissions requested in this step are for your user account and are:
- Read access to your email address - which is used by Gatsby Cloud to associate your account with a GitHub account
When you click “Authorize Gatsby Cloud by gatsby-inc”, Gatsby Cloud will create your profile and link it to your GitHub account.
Note: If you are not already signed into GitHub when you begin this process, you’ll instead see this screen:
In which case, you’ll first have to sign in or create an account to use with Gatsby Cloud.
When you have signed up as a user to Gatsby Cloud, you will need to add Gatsby Cloud to your GitHub organization in order to connect one of your repositories. A personal account can be used as the organization that it is installed as a part of, or another GitHub organization your account is a part of can install it.
When you click “Add New Organization” in Gatsby Cloud, a window will open that looks like this:
As you can see in the screenshot, the permissions requested in this step are in reference to “All repositories” that are a part of the organization and are:
- Write access to code - which is only used by Gatsby Cloud’s auto-provisioning workflow (if you selected that you didn’t already have a Gatsby site, and opted for Gatsby Cloud to set up a repository and CMS) to set up configurations inside of files in new projects to cooperate with Gatsby specific internals and CMS requirements
- Read access to metadata and repository hooks - which is used to trigger new builds and update previews on Gatsby Cloud when changes occur in your repository
- Read and write access to administration and checks - which is used to create status checks for builds in the GitHub UI for pull requests created in a connected repository, as well as managing webhooks for connected repositories on push events and pull request events