Pull only repository

Hello everybody!

I would like to use git combined with a cronjob to keep updated some script on N virtual machines that I’m distributing. So I was thinking about creating a specific account shared between all the virtual machines, add this account to the private repo, and store the credentials on every single machine, so that the cronjob doesn’t get stuck waiting for credentials when it has to pull.
The problem is that, as far as I know, storing the credentials is dangerous because someone could use them to write on the repository.

So my question is: is there a way to make a repository “pull-only”? My main account, which is the repo owner, will be able to use the repo as usual, but the account of virtual machines will only be able to pull the code.

Thanks a lot :slight_smile:

The access token for the pull action can be given read access to repository which means it cannot write.

The rest you could automate with ansible if you are willing to learn it. Or if you prefer just do with cron.

1 Like