create-pull-request icon indicating copy to clipboard operation
create-pull-request copied to clipboard
verified publisher icon peter-evans

Fine-grained PATs will also work

Open jagthedrummer opened this issue 2 years ago • 3 comments

One of the strikes against using a PAT was the fact that they're not scoped to a repo, but recently GitHub has introduced "Fine-grained tokens" which can be scoped to a single repo.

I just ran some tests and can confirm that a fine-grained token will do the trick as long as you give it read/write access to "Contents" and "Pull Requests" under the "Repository Permissions" section. (Note that the "Metadata" permission will automatically be set to Read-only when you select either of the previously mentioned settings.)

Just thought I'd drop a note to help anyone who might be wondering.

Screenshot 2023-10-11 at 14-44-57 Fine-grained Personal Access Tokens

jagthedrummer avatar Oct 11 '23 19:10 jagthedrummer

Hi @jagthedrummer

Fine-grained PATs may work for some use cases, but not all. They are still in beta and some GitHub APIs don't support them yet.

For example, https://github.com/peter-evans/create-pull-request/issues/1791

This is why I'm not updating the docs to make it the preferred method yet. https://github.com/peter-evans/create-pull-request/pull/1937

peter-evans avatar Oct 12 '23 08:10 peter-evans

One thing I noticed: If the pull requests updates the workflows of the repository, the fine grain token needs the "Workflows" permission as well. Make sense to me but it took me awhile to figure it out.

rettenbs avatar Dec 11 '23 16:12 rettenbs