GITHUB_TOKEN replacement


I want to replace the GITHUB_TOKEN for a more specific one and there is one thing I can’t understand.

For the three actions that I am using, that require GITHUB_TOKEN, a token with only “public_repo” permission is enough, but “public_repo” does include main permissions in itself.

Is there a way to specify even more or that’s the lowest level of specificity currently ?

Options to restrict the GITHUB_TOKEN have been added recently:

But even before that the GITHUB_TOKEN was generally the safer choice, because it’s scoped to the repository. A PAT applies to everything you have access to.

1 Like