using GITHUB_TOKEN for writing repository settings
Hey, we've been implementing this action over the last few days and have found that the action's GITHUB_TOKEN is not permitted to read/write most of the settings that probot needs to access.
Do we have to use a PAT (which is somewhat tricky to share across an organization) or is there a way to achieve this with a repository token?
What a great question!
While the built-in GITHUB_TOKEN will allow you to set repository labels, it doesn’t have powers to set branch protections, much less rename repositories or set contributors. For that, you’d need a token that has repository administrator powers. Of course that could be done with a PAT — but sharing a PAT with administrator powers across an organization is generally A Very Bad Idea.
A better way is to use a GitHub Application to generate tokens with just the powers you need. While the setup for that is a little complicated, app tokens are much more flexible in the permissions they offer — and probably a better fit for this use.
And of course, there’s an action for that: https://github.com/peter-murray/workflow-application-token-action
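An added illustration of the approach in the reply above (not part of the thread, and not taken from either project's documentation): a workflow that mints a GitHub App installation token restricted to repository administration and hands it to the settings step in place of the built-in token. The secret names, the trigger and the `OWNER/SETTINGS-ACTION@REF` step are placeholders; the `application_id`, `application_private_key` and `permissions` inputs and the `token` output should be checked against the README of the action version you pin.

```yaml
# Added example. Names marked "assumed" or "placeholder" are not from the thread.
name: repository-settings
on:
  push:
    branches: [main]            # assumed trigger

# Keep the built-in GITHUB_TOKEN minimal: it only needs to read the repository.
# The administrative work is done with the App token minted below.
permissions:
  contents: read

jobs:
  apply-settings:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Exchange the App's private key for a short-lived installation token.
      # Unlike a shared admin PAT, the token expires on its own and is limited
      # to the repositories where the App is installed.
      - name: Get GitHub App token
        id: app_token
        # Pin to a reviewed commit SHA in real use; a tag is shown for brevity.
        uses: peter-murray/workflow-application-token-action@v1
        with:
          application_id: ${{ secrets.SETTINGS_APP_ID }}                    # assumed secret name
          application_private_key: ${{ secrets.SETTINGS_APP_PRIVATE_KEY }}  # assumed secret name
          # Request a subset of the permissions granted to the App, so the
          # token carries only what the settings step needs.
          permissions: "administration:write, contents:read"

      - name: Apply repository settings
        uses: OWNER/SETTINGS-ACTION@REF   # placeholder for the settings action discussed here
        env:
          # The variable name the thread says the README uses; the value is
          # the App token, not the built-in workflow token.
          GITHUB_TOKEN: ${{ steps.app_token.outputs.token }}
```

The App itself should be created with only the repository permissions it will ever need and installed only on the repositories it manages, since the `permissions` input can narrow the token but never widen it.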
Ha, thank you so much. Are you open to a PR to rename the GITHUB_TOKEN in the readme to something else? Was a little confusing at first (but of course obvious once you find out what permissions the token has).