Scoped Access Control and a buddybuild bot for GitHub Users

GitHub recently released GitHub Applications, a new way for teams to integrate services that improve their development workflow within GitHub.

Today, we’re launching the buddybuild GitHub Application.


GitHub Applications have three specific benefits for development teams:

  • Fine-Grained Access Control: teams who use GitHub can now scope which specific repositories buddybuild has access to.

  • A buddybuild bot: the buddybuild GitHub Application automates aspects of your workflow.

  • Continuity of Service: authorization is no longer tied to a specific user — buddybuild uses the GitHub API to maintain continuity of service.

Fine-grained repository access

With the new buddybuild GitHub Application, teams can choose to grant access to an entire GitHub organization or to a specific repository within an organization.

The buddybuild bot

The buddybuild GitHub Application also exposes a bot to help automate aspects of your workflow. The buddybuild bot can create new GitHub Issues when you receive user feedback or crash reports for your app.

Expect upcoming future releases of the bot to have additional capabilities... stay tuned!

Continuity of service

Historically, if the team member who added your project to buddybuild left your GitHub repository or organization, builds on buddybuild would break. Now, authorization is no longer tied to a specific user — the buddybuild GitHub Application uses the GitHub API to maintain continuity of service.

We’ve found this particularly helpful for mobile development agencies or freelance developers who might want to transition projects to their clients after their scope of work is complete.

Which repositories should buddybuild have access to?

Teams can choose to make all of their repositories available to buddybuild, or choose to grant buddybuild access to specific repositories.

If the list of repositories changes, it’s straight forward to grant or revoke buddybuild access to your repositories at any time from GitHub. Changes to buddybuild’s repository access in GitHub take effect immediately in buddybuild.

Note: If you choose to grant buddybuild access to a subset of the repositories in your GitHub organization, then you should be mindful of private submodules, Cocoapods, Carthage, or npm dependencies in repositories within your GitHub organization that buddybuild may need access to.

For example, if your mobile app lives in a repository called Acme/MailApp and it depends on a private dependency in Acme/Notifications, then you should make sure that buddybuild can access both MailApp and Notifications repositories.

Migrating existing apps in buddybuild

If you’re already using buddybuild for an existing app, it continues to operate normally. We are maintaining support for our existing GitHub OAuth Application for the foreseeable future.

However, if you’re interested in the benefits of our new buddybuild GitHub Application, then you can use our wizard in the buddybuild dashboard to migrate your buddybuild account and your apps. For more information about migrating see our documentation.

As always, we’d love to hear your thoughts on our new experience — feel free to tweet @buddybuild, or share your feedback directly with the team. And, if there’s a feature you’d like to see added to the GitHub buddybuild bot, please post about it in our discussion forums.