[Unexpected behaviour] GET repo response differs depending on other app permissions

Hello there!

I would like to report an unexpected behaviour for the REST API, more specifically for the GET /repos/{owner}/{repo} function affecting at least Github-Enterprise-Version: 3.0.8 with an app token.

Allowing the app the metadata read permissions (Permissions required for GitHub Apps - GitHub Docs), the values for allow_squash_merge, allow_merge_commit, allow_rebase_merge, delete_branch_on_merge and temp_clone_token were missing compared to the same request with a personal token with sufficient permissions. But PATCHing these values with the same app token (admin rw permissions set) is possible, and there the response contains the mentioned values.

Just after enabling rw Content permissions and rw Pull Request permissions (Permissions required for GitHub Apps - GitHub Docs) for the app the GET response with the app token also contains these values.

Kind regards,


Seeing the same. Note that read-only permissions don’t work – RW is required.

Exactly the same situation with our org, using a GitHub App to generate tokens for Terraform.