How to involve a non-trusted contributor on GitHub?

Question

I will involve a new company to contribute to one of my projects that is currently in a private repo on GitHub. I have not worked with this company before so I would like to limit there possibility to do too much with my repo. I have the following workflow in mind and would like you comments if I think in the right direction.

1. Since my repo is private I set up a team and invite the new contributors with pull access only.
2. I set up a specific branch for their assignment, such as 'new_order_form'
3. I ask them for fork my repo.
4. I ask them to checkout the 'new_order_form' branch and do their commits to that branch and then request a pull-request in git-hub when done.
5. Our chief architect fetch the branch and review the code. If happy with the result after verification he merge the branch into master and delete the 'new_order_form' branch.

Is this the most efficient way of working? Or is there a way to limit their push to a specific branch ('new_order_form') and read only to the master branch?

Answer 1

Every user forking and then only working in his repository is the most common workflow. Your "chief architect" then fetches from his repository and integrates it in the main repo. THe new guy then deletes his branch since it's finished.