Alternative authentication methods for GitHub

So, as far as I can see, there is no way to provide a read-only user for Drone to check out repositories. It does that over end-user credentials, which sounds pretty good except for giving Drone full access to the repositories. I can’t limit it to read-only because GitHub does not provide the corresponding scope.

Is there any way to provide a read-only user for Drone? Can I limit the Drone OAuth application to fetch only the user’s e-mail?

You can define a global username / password to clone all repositories. It only impacts the clone, and does not impact other system functionality. See:
https://docs.drone.io/reference/server/drone-git-username/
https://docs.drone.io/reference/server/drone-git-password/

Thank you for your response! What about user authentication in the UI over OAuth? I do not want to provide to Drone anything except the end user's e-mail.

> I do not want to provide to Drone anything except the end user's e-mail

Sorry, this is not possible. We designed Drone to integrate very tightly with the source control management system (e.g. GitHub). Drone relies on the source control management system and API for authentication, authorization, permissions, webhook creation and more. OAuth2 is therefore a hard requirement.