Requested Access

Setting up closed source requested access to your repository.

This public content is an excerpt from Flutter staff GitHub docs. It is published as a reference to show how GitHub is used for inner source at Flutter.

Requested Access is one of several recommended access models for Flutter-Global repositories. It’s best for closed source repositories with sensitive content. You must manage your own reader & contributor teams unless you can use Maintainers Only access. By restricting all access to the repository to only those who request it, you have reduced the risk of repo content leakage and any known weaknesses in your security controls.

Access Permissions

  • Grant your reader team read permission.
  • Grant your contributor team write permission.
  • Grant a maintainer team admin permission.

To do this in a Codebase Governor repository file:

# enforce no admins other than owner & maintainers
admins: {}

# allow contribution from your contributor team
    - your-contributor-team-slug

# allow read access to your readers team
    - your-readers-team-slug

You must decide how you wish to manage your reader and contributor team. Read more about using existing teams or managing your own team here.

If only a single user or small team with high trust use this repository you can simplify by using Maintainers Only access with no need for a read or write teams. To do this in a Codebase Governor repository file:

# no access other than maintainers and owner
admins: {}
contributors: {}
readers: {}

Contributor Protection

Choose from Audited Source, Reviewed Source or Multiple Team Source. If not sure – use Reviewed Source which requires a contributor to raise a pull request for approval by a maintainer. This requires branch protection – add this to your Codebase Governor repository file:

  - patterns:
      - "main"
      required-reviews-count: 1
      requires-codeowner-reviews: true

To ensure maintainers must approve pull requests, add a CODEOWNERS file in the root directory of your repository referencing the capability maintainer team:

# replace 'example-name' with your capability name:
*       @Flutter-Global/maintainers-cap-example-name