-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs: Update section about Fine-grained PATs #796
Labels
Comments
viceice
added
documentation
Improvements or additions to documentation
good first issue
Good for newcomers
labels
Nov 16, 2023
feel free to open a PR 🤗 |
Is this issue about the docs, or about getting It sounds like the bug reporter wants us to get the action to work with GraphQL? Related issue/PRWe had this issue: That was closed with: Copy/paste of current readmeIt looks like the readme properly mentions the problems with fine-grained tokens and the GitHub GraphQL API: ### `token`
[Generate a Personal Access Token (classic)](https://github.com/settings/tokens), with the `repo:public_repo` scope for only public repositories or the `repo` scope for public and private repositories, and add it to _Secrets_ (repository settings) as `RENOVATE_TOKEN`.
You can also create a token without a specific scope, which gives read-only access to public repositories, for testing.
This token is only used by Renovate, see the [token configuration](https://docs.renovatebot.com/self-hosted-configuration/#token), and gives it access to the repositories.
The name of the secret can be anything as long as it matches the argument given to the `token` option.
Note that Renovate _cannot_ currently use [Fine-grained Personal Access Tokens](https://github.com/settings/tokens?type=beta) since they do not support the GitHub GraphQL API, yet.
Note that the [`GITHUB_TOKEN`](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token#permissions-for-the-github_token) secret can't be used for authenticating Renovate because it has too restrictive permissions.
In particular, using the `GITHUB_TOKEN` to create a new `Pull Request` from more types of Github Workflows results in `Pull Requests` that [do not trigger your `Pull Request` and `Push` CI events](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow).
If you want to use the `github-actions` manager, you must setup a [special token](#special-token-requirements-when-using-the-github-actions-manager) with some requirements. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Description
In https://github.com/renovatebot/github-action#token it's claimed that fine-grained PATs cannot be used since they don't support GitHub's GraphQL API. This seems to have been implemented now.
The text was updated successfully, but these errors were encountered: