Skip to content

ci: scopedown GitHub token #50

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

ci: scopedown GitHub token #50

wants to merge 3 commits into from

Conversation

@AdnaneKhan
Copy link

@AdnaneKhan AdnaneKhan commented Oct 21, 2025

Issue #, if available:

Description of changes:

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@liwadman
Copy link
Contributor

liwadman commented Oct 21, 2025
edited
Loading

Hey Adnan, thank you for your submission.

I have no concerns on the modification for notifier task as it's pretty uninteresting and benign, but I've forwarded this to my colleague who is more familiar with our repo sync setup to understand the specifics of what we're doing with that and the implications of being more explicit with the permissions and to do some testing.

@liwadman liwadman requested a review from lauradreith October 21, 2025 16:31
@AdnaneKhan
Modify permissions in repo-sync workflow
daaa1b3 
Remove write permissions as workflow uses a token from secret.
@AdnaneKhan
Copy link
Author

AdnaneKhan commented Oct 22, 2025

Hey Adnan, thank you for your submission.

I have no concerns on the modification for notifier task as it's pretty uninteresting and benign, but I've forwarded this to my colleague who is more familiar with our repo sync setup to understand the specifics of what we're doing with that and the implications of being more explicit with the permissions and to do some testing.

Thanks! Based on the workflow if it still uses the PAT then no permissions are needed (as it uses the PAT for auth). If using the GitHub token it'll need contents: write + pull-requests: write (if it is making a PR on this repo - if making a PR on another repo it will always need the PAT).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lauradreith lauradreith Awaiting requested review from lauradreith

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AdnaneKhan @liwadman