Missing description for new GITHUB_TOKEN scopes

After GitHub Actions: Control permissions for GITHUB_TOKEN - GitHub Changelog I’m looking into changing all my workflows to read-only by default and only enabling the things I need via the new permissions key.

The problem is that I don’t know which scope is needed to create a release, or add new release assets.

It would help a lot if Authentication in a workflow - GitHub Docs would have a short description for each scope which parts of the API it covers, or which “actions” it affects.

Thanks!

2 Likes

Permissions required for GitHub Apps - GitHub Docs lists API endpoints for each permission.

2 Likes

It would be really helpful to have that page from @ylemkimon linked somewhere more prominently in the Actions documentation because I had no idea that page existed. It’s exactly what I needed.

Thanks! This is what I was looking for.