Why does the Shopify GitHub app need so many permissions? (Shopify GitHub Integration)

Short description of issue

Too many permissions required by the Shopify GitHub app (Shopify GitHub Integration)

Reproduction steps

Install the Shopify GitHub app in a GitHub repo.

Additional info

Expected permissions would be just Read and write access to Contents (since the app is, as far as I know, literally just reading and writing code files to do the sync).

Instead, the app appears to require all of the below, which is a security & data privacy problem unless there’s a valid use case for the app to need them all (I’m not aware of any):

  • Read and write access to Issues
  • Read and write access to Actions
  • Read and write access to Administration
  • Read and write access to Contents
  • Read and write access to Dependabot secrets
  • Read-only access to Deployments
  • Read-only access to Members
  • Read-only access to Metadata
  • Read and write access to Pull requests
  • Read and write access to Secrets
  • Read and write access to Workflows

What type of topic is this

General discussion

1 Like

Hey Matthew, great question! The Shopify GitHub app drives a few different features for the platform. While the integration with Online Store is limited, the integration for Hydrogen storefronts is quite robust and is what the majority of these permissions are used for.

As an example, Hydrogen will create pull requests, manage secrets, and create deployment workflows for a particular storefront.

2 Likes

Thanks for filling me in on that use case for the permissions. As I don’t get involved with Hydrogen, I wasn’t aware of that.

Still, I’m guessing Hydrogen is probably a minority use case for the GitHub app compared to the simpler theme file sync option?

I feel Shopify should consider exploring options that allow for fewer permissions to be required for simple theme file sync with GitHub (what I assume is the majority of use cases, although do correct me on that if I’m wrong!). I don’t know whether that would mean adjusting the existing GitHub app, or having to create two separate apps.

In principle it’s not great security practice to give any third party app broader permissions than are absolutely needed. We’ve got our own CI/CD stuff going on with our own secrets that we’d like to keep, well, secret 🙂

1 Like

That’s fair!

Introducing a new app at this point would be a long process full of friction but it’s something we could consider the next time we do a major change to either Online Store or Hydrogen involving GitHub.

I’ll raise it to the team to at least keep it in conversation.

1 Like
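
One way to check an installed GitHub App's grants against what you expect it to need, as an added example that is not part of the thread or Shopify's own code: it compares the `permissions` object of an installation record with a least-privilege baseline. The sample record is constructed from the list in the first post; the slug `example-sync-app`, the baseline and the high-impact set are assumptions.

```python
import json

# Access levels in increasing order of privilege.
LEVELS = {"none": 0, "read": 1, "write": 2, "admin": 3}

# Assumption: what a plain theme-file sync needs, per the first post
# (Contents read/write). Metadata read-only is a baseline GitHub App grant.
BASELINE = {"contents": "write", "metadata": "read"}

# Assumption: scopes ranked high impact because write access reaches
# CI/CD secrets, pipeline definitions or repository settings.
HIGH_IMPACT = {"secrets", "dependabot_secrets", "workflows",
               "actions", "administration"}

# Constructed sample in the shape of a GitHub App installation record;
# the permission values mirror the list quoted in the thread.
SAMPLE_INSTALLATION = json.loads("""
{
  "app_slug": "example-sync-app",
  "permissions": {
    "issues": "write", "actions": "write", "administration": "write",
    "contents": "write", "dependabot_secrets": "write",
    "deployments": "read", "members": "read", "metadata": "read",
    "pull_requests": "write", "secrets": "write", "workflows": "write"
  }
}
""")


def excess_permissions(installation, baseline=BASELINE):
    """Return every grant that exceeds the baseline, high impact first."""
    findings = []
    for scope, granted in installation.get("permissions", {}).items():
        allowed = baseline.get(scope, "none")
        # Unknown access levels are treated as the highest level.
        if LEVELS.get(granted, 3) > LEVELS[allowed]:
            high = scope in HIGH_IMPACT and granted != "read"
            findings.append({"scope": scope, "granted": granted,
                             "allowed": allowed,
                             "severity": "high" if high else "review"})
    findings.sort(key=lambda f: (f["severity"] != "high", f["scope"]))
    return findings


if __name__ == "__main__":
    for f in excess_permissions(SAMPLE_INSTALLATION):
        print(f"{f['severity']:<6} {f['scope']:<20} "
              f"granted={f['granted']} baseline={f['allowed']}")
```

In practice the installation record would come from GitHub's REST API listing of an organization's app installations rather than an inline sample.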