Comment 6 for bug 2012516

1) git repo access
I sort of expect to be allowed to set per-branch/repo advanced ACLs and grant read-only or write access to the "ci-jobs", and then sort of expect magic to happen in launchpad (i.e. ephemeral HTTP GIT token is created, and deployed to lpcrafts, which then is able to access all the resources needed).

I expect it to be scoped to the owner of the git repository where lpcraft is running, and not disclose such tokens to merge-requests from other people.

2) PPA access
Similarly, i expect to be allowed to declare package-repositories (using snapcraft yaml syntax for repos), and then ephemeral access is generated and injected into my lpcraft build (something similar to add-apt-repository --login, where login permissions are used of the git repo $owner)

The basic principal, is that lpcraft repo owned by $person, should be able to have read-only access to git repos & PPAs, like the said $person. inside launchpad, automatically using ephemeral auto-generated tokens/secrets.