whole point of what I will be doing is to have independent accounts so in case of some issue I can migrate everything to GitLab/GitHub
I do not want to authorize GitLab to have “Full control of private repositories” Sign in to GitHub · GitHub - I want to just copy content of a public repository, including issue tracker
In addition I want to make a backup copy of repository belonging to organization and “Authenticate with GitHub” button informs me that I would need permission from administrators of that organizations.
What for making copy of public data should not be needed.
An empty github account isn’t going to help you. The import from github, imports all the projects that are connected to your github profile. So the empty account would also need access to those projects, or you would have to fork them into that profile, and then still use Github oauth to connect Gitlab/Github to import it. As per the Gitlab docs: Import your project from GitHub to GitLab | GitLab
Whether you will get the issues or not, is another thing though. You can test/check it.
To be honest, I don’t see anything bad about using the Github/Gitlab oauth thing anyway for importing projects from your login. Once you’ve finished, you can go into Github settings for apps: Sign in to GitHub · GitHub and just delete the authorisation.
Giving GitLab access to all my private GitHub repositories, including write access is not acceptable to me. I want to have a safe backups rather than increase chance of catastrophic data loss.
Especially for task where public API is fully sufficient.
Well, I guess if you don’t want to generate an oauth authentication between your Gitlab profile to connect to your Github one, then I guess you are out of luck. Since it’s only your Gitlab login that has access to the oauth authentication anyway. That’s like you generating an SSH key to gain access, and saying that is not acceptable to you. Or like when 2FA is enabled and generating app passwords to gain access because it doesn’t support 2FA authentication within that particular application. There isn’t a real difference here. But fair enough if you feel that is not a safe way for you to make a backup.
I doubt very much the public API is sufficient. Github has rate limits of 5000 requests per hour, so I doubt very much you are going to get your repository, issues, and everything else backed up that method. Not also taking into account that when receiving your replies, pagination defaults to 30 per page, and max of 100 per page. But maybe you can try and write yourself a procedure to do it if you think the public API is sufficient to make such backup, of which I highly doubt it considering these limits.
Even very large repositories with heavy activity will be downloaded within day or two (100 000 issues with say 100 comments per issue is just 101 000 requests - within a single day).
And anyway with a trusted script I can give it repo token.
So if during that single day or two your access disappears then you don’t have the ability to make a backup and the backup that was in progress is incomplete. Whereas using the import project it is done within minutes. A backup should be able to be made quickly, not within one/two days based on an API which for me is far more unacceptable than allowing access via oauth for me to be able to make a backup far quicker. The oauth access is granted by my Gitlab user, so it isn’t accessible to anyone else except me, and my Gitlab account is secured via 2FA. Which can also be compared like I said to an SSH key, access token of which you just mentioned as being trusted. Since I created the oauth access to my Github profile, it is also trusted. And the oauth app access can be revoked just like an access token can.