Runnable needs to have read access to your code as well as the ability to modify webhooks.
Based on GitHub’s current permission model, we have to ask for read & write permissions to your repository which is more than we need.
Runnable specifically needs access to:
- Get a users basic info.
- Get list of a user's organizations.
- Get list of branches and commits from private repos from a particular organization.
- Add webhooks to repos.
- Add deploy keys to repos.
We are constantly evaluating changes to GitHub’s permission model and hope to minimize repository access as it evolves in the future.