I didn't notice before, but it seems you need WRITE access in order to push new datasets, i.e. commits.
This is not optimal - we don't want to manually enable any individual that wants to push a dataset. Anyone with a GH account should be able to commit.
Below suggestions for alternatives:
Best Option: Fork + PR Workflow
Users authenticate with their own GitHub account:
Uses their credentials (OAuth)
Commits to their fork
Opens PR to your repository
You review and merge
✅ Secure, standard, scalable
Alternative: GitHub App with Backend
Create a GitHub App (not embedding tokens)
Users authenticate through GitHub OAuth
Backend service (with server-side token) does the commit
✅ Secure, but requires hosting a backend
Simplest (Limited): Shared Service Account
Create a dedicated "bot" GitHub account
Give it write access to your repo
Share those credentials (still not ideal, but isolated)
⚠️ Users could still abuse it
@lydiascarf I'd take your advices here for the smoothest, least impactful approach.
I didn't notice before, but it seems you need WRITE access in order to push new datasets, i.e. commits.
This is not optimal - we don't want to manually enable any individual that wants to push a dataset. Anyone with a GH account should be able to commit.
Below suggestions for alternatives:
Best Option: Fork + PR Workflow
Users authenticate with their own GitHub account:
Uses their credentials (OAuth)
Commits to their fork
Opens PR to your repository
You review and merge
✅ Secure, standard, scalable
Alternative: GitHub App with Backend
Create a GitHub App (not embedding tokens)
Users authenticate through GitHub OAuth
Backend service (with server-side token) does the commit
✅ Secure, but requires hosting a backend
Simplest (Limited): Shared Service Account
Create a dedicated "bot" GitHub account
⚠️ Users could still abuse it
Give it write access to your repo
Share those credentials (still not ideal, but isolated)
@lydiascarf I'd take your advices here for the smoothest, least impactful approach.