-
Hi, I’m admin (and owner) of several organisations. Is there a way to use a technical account and token to publish with a limited scope (OAuth & repo/orga) ? I didn’t succeed to use the GITHUB_TOKEN secret by following the docs I found on this subject. If not possible, is there a way to limit my personal key to a subset of my own repository ? Thanks for your help, PS : it’s my first experience with Action & Workflow, I’m really more familiar with Gitlab concepts |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
When you create a personal access token (PAT), there is not method to limit the scope of this PAT to a specific organization or repository. What you can choose is to limit the scope to private repositories or public repositories or all repositories on your organisations and user account. More details, see “Available scopes”. The permissions of the GITHUB_TOKEN are limited to the repository that contains your workflow. |
Beta Was this translation helpful? Give feedback.
-
Thanks for your response. I finally found the right way to use the github_token, the documentation purpose many ways but not of them are right (or complete in fact). I had to:
|
Beta Was this translation helpful? Give feedback.
@pkernevez,
When you create a personal access token (PAT), there is not method to limit the scope of this PAT to a specific organization or repository. What you can choose is to limit the scope to private repositories or public repositories or all repositories on your organisations and user account. More details, see “Available scopes”.
The permissions of the GITHUB_TOKEN are limited to the repository that contains your workflow.
That means the GITHUB_TOKEN is only available to the repository where the workflow is running. You can’t use it to access other repositories in the workflow.