gitsources: list only repo with enough permissions

ListUserRepos will return only repos where the user has enough permissions to
create webhooks and deploy keys

internal/gitsources/gitea/gitea.go

@@ -377,6 +377,10 @@ func (c *Client) ListUserRepos() ([]*gitsource.RepoInfo, error) {
 	repos := []*gitsource.RepoInfo{}
 
 	for _, rr := range remoteRepos {
+		// keep only repos with admin permissions
+		if !rr.Permissions.Admin {
+			continue
+		}
 		repos = append(repos, fromGiteaRepo(rr))
 	}
 

internal/gitsources/github/github.go

@@ -371,7 +371,13 @@ func (c *Client) ListUserRepos() ([]*gitsource.RepoInfo, error) {
 	repos := []*gitsource.RepoInfo{}
 
 	for _, rr := range remoteRepos {
-		repos = append(repos, fromGithubRepo(rr))
+		// keep only repos with admin permissions
+		if rr.Permissions != nil {
+			if !(*rr.Permissions)["admin"] {
+				continue
+			}
+			repos = append(repos, fromGithubRepo(rr))
+		}
 	}
 
 	return repos, nil

internal/gitsources/gitlab/gitlab.go

@@ -256,6 +256,7 @@ func (c *Client) CreateCommitStatus(repopath, commitSHA string, status gitsource
 }
 
 func (c *Client) ListUserRepos() ([]*gitsource.RepoInfo, error) {
+	// get only repos with permission greater or equal to maintainer
 	opts := &gitlab.ListProjectsOptions{MinAccessLevel: gitlab.AccessLevel(gitlab.MaintainerPermissions)}
 	remoteRepos, _, err := c.client.Projects.ListProjects(opts)
 	if err != nil {

internal/gitsources/gitsource.go

@@ -43,6 +43,7 @@ type GitSource interface {
 	CreateRepoWebhook(repopath, url, secret string) error
 	ParseWebhook(r *http.Request, secret string) (*types.WebhookData, error)
 	CreateCommitStatus(repopath, commitSHA string, status CommitStatus, targetURL, description, context string) error
+	// ListUserRepos report repos where the user has the permission to create deploy keys and webhooks
 	ListUserRepos() ([]*RepoInfo, error)
 }