feat: octokit.apps.scopeToken() (#316)
octokitbot committed Jan 15, 2021
1 parent c0142b9 commit 954b096
Showing 19 changed files with 846 additions and 100 deletions.
11 changes: 7 additions & 4 deletions docs/actions/setAllowedActionsOrganization.md
@@ -1,6 +1,6 @@
---
name: Set allowed actions for an organization
example: octokit.actions.setAllowedActionsOrganization({ org })
example: octokit.actions.setAllowedActionsOrganization({ org, github_owned_allowed, verified_allowed, patterns_allowed })
route: PUT /orgs/{org}/actions/permissions/selected-actions
scope: actions
type: API method
Expand All @@ -19,6 +19,9 @@ You must authenticate using an access token with the `admin:org` scope to use th
```js
octokit.actions.setAllowedActionsOrganization({
org,
github_owned_allowed,
verified_allowed,
patterns_allowed,
});
```

Expand All @@ -36,17 +39,17 @@ octokit.actions.setAllowedActionsOrganization({
<tr><td>org</td><td>yes</td><td>

</td></tr>
<tr><td>github_owned_allowed</td><td>no</td><td>
<tr><td>github_owned_allowed</td><td>yes</td><td>

Whether GitHub-owned actions are allowed. For example, this includes the actions in the `actions` organization.

</td></tr>
<tr><td>verified_allowed</td><td>no</td><td>
<tr><td>verified_allowed</td><td>yes</td><td>

Whether actions in GitHub Marketplace from verified creators are allowed. Set to `true` to allow all GitHub Marketplace actions by verified creators.

</td></tr>
<tr><td>patterns_allowed</td><td>no</td><td>
<tr><td>patterns_allowed</td><td>yes</td><td>

Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, `monalisa/octocat@*`, `monalisa/octocat@v2`, `monalisa/*`."

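Review bot: The three rows `github_owned_allowed`, `verified_allowed` and `patterns_allowed` change from `no` to `yes` in the required column, which alters the calling contract for anyone already using `octokit.actions.setAllowedActionsOrganization({ org })`, yet the commit subject only mentions `octokit.apps.scopeToken()`. Suggest calling this out in the commit body or release notes so existing callers know they now have to pass all three values explicitly.
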
11 changes: 7 additions & 4 deletions docs/actions/setAllowedActionsRepository.md
@@ -1,6 +1,6 @@
---
name: Set allowed actions for a repository
example: octokit.actions.setAllowedActionsRepository({ owner, repo })
example: octokit.actions.setAllowedActionsRepository({ owner, repo, github_owned_allowed, verified_allowed, patterns_allowed })
route: PUT /repos/{owner}/{repo}/actions/permissions/selected-actions
scope: actions
type: API method
Expand All @@ -20,6 +20,9 @@ You must authenticate using an access token with the `repo` scope to use this en
octokit.actions.setAllowedActionsRepository({
owner,
repo,
github_owned_allowed,
verified_allowed,
patterns_allowed,
});
```

Expand All @@ -40,17 +43,17 @@ octokit.actions.setAllowedActionsRepository({
<tr><td>repo</td><td>yes</td><td>

</td></tr>
<tr><td>github_owned_allowed</td><td>no</td><td>
<tr><td>github_owned_allowed</td><td>yes</td><td>

Whether GitHub-owned actions are allowed. For example, this includes the actions in the `actions` organization.

</td></tr>
<tr><td>verified_allowed</td><td>no</td><td>
<tr><td>verified_allowed</td><td>yes</td><td>

Whether actions in GitHub Marketplace from verified creators are allowed. Set to `true` to allow all GitHub Marketplace actions by verified creators.

</td></tr>
<tr><td>patterns_allowed</td><td>no</td><td>
<tr><td>patterns_allowed</td><td>yes</td><td>

Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, `monalisa/octocat@*`, `monalisa/octocat@v2`, `monalisa/*`."

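Review bot: The `patterns_allowed` description in the last row of this hunk ends with a stray double quote after the final example (`` `monalisa/*`." ``). The same line appears in the organization and enterprise variants of this page; since the row is being edited anyway, drop the trailing quote in all three.
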
2 changes: 1 addition & 1 deletion docs/apps/addRepoToInstallation.md
Expand Up @@ -10,7 +10,7 @@ type: API method

Add a single repository to an installation. The authenticated user must have admin access to the repository.

You must use a personal access token (which you can create via the [command line](https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/) or the [OAuth Authorizations API](https://docs.github.com/rest/reference/oauth-authorizations#create-a-new-authorization) or [Basic Authentication](https://docs.github.com/rest/overview/other-authentication-methods#basic-authentication) to access this endpoint.
You must use a personal access token (which you can create via the [command line](https://docs.github.com/github/authenticating-to-github/creating-a-personal-access-token) or [Basic Authentication](https://docs.github.com/rest/overview/other-authentication-methods#basic-authentication)) to access this endpoint.

```js
octokit.apps.addRepoToInstallation({
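Review bot: In the rewritten "You must use a personal access token" sentence, the closing parenthesis sits after the Basic Authentication link, so the text reads as if Basic Authentication were a way to create a personal access token. If Basic Authentication is meant as an alternative way to authenticate to the endpoint, close the parenthesis right after the command line link; if it is not meant as an alternative, drop it from the parenthetical. For an endpoint that requires admin access to the repository, the accepted credentials should be unambiguous.
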
2 changes: 2 additions & 0 deletions docs/apps/checkToken.md
Expand Up @@ -30,6 +30,8 @@ octokit.apps.checkToken({
<tbody>
<tr><td>client_id</td><td>yes</td><td>

The client ID of your GitHub app.

</td></tr>
<tr><td>access_token</td><td>yes</td><td>

2 changes: 2 additions & 0 deletions docs/apps/deleteAuthorization.md
Expand Up @@ -30,6 +30,8 @@ octokit.apps.deleteAuthorization({
<tbody>
<tr><td>client_id</td><td>yes</td><td>

The client ID of your GitHub app.

</td></tr>
<tr><td>access_token</td><td>no</td><td>

2 changes: 2 additions & 0 deletions docs/apps/deleteToken.md
Expand Up @@ -29,6 +29,8 @@ octokit.apps.deleteToken({
<tbody>
<tr><td>client_id</td><td>yes</td><td>

The client ID of your GitHub app.

</td></tr>
<tr><td>access_token</td><td>no</td><td>

2 changes: 1 addition & 1 deletion docs/apps/removeRepoFromInstallation.md
Expand Up @@ -10,7 +10,7 @@ type: API method

Remove a single repository from an installation. The authenticated user must have admin access to the repository.

You must use a personal access token (which you can create via the [command line](https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/) or the [OAuth Authorizations API](https://docs.github.com/rest/reference/oauth-authorizations#create-a-new-authorization) or [Basic Authentication](https://docs.github.com/rest/overview/other-authentication-methods#basic-authentication) to access this endpoint.
You must use a personal access token (which you can create via the [command line](https://docs.github.com/github/authenticating-to-github/creating-a-personal-access-token) or [Basic Authentication](https://docs.github.com/rest/overview/other-authentication-methods#basic-authentication)) to access this endpoint.

```js
octokit.apps.removeRepoFromInstallation({
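Review bot: The new sentence places "or [Basic Authentication](...)" inside the parenthetical that explains how a personal access token is created, which leaves it unclear whether Basic Authentication is an accepted way to call this endpoint or a way to obtain the token. The sentence is identical to the one changed in docs/apps/addRepoToInstallation.md, so reword both together and state the accepted authentication methods outside the parentheses.
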
2 changes: 2 additions & 0 deletions docs/apps/resetToken.md
Expand Up @@ -30,6 +30,8 @@ octokit.apps.resetToken({
<tbody>
<tr><td>client_id</td><td>yes</td><td>

The client ID of your GitHub app.

</td></tr>
<tr><td>access_token</td><td>yes</td><td>

218 changes: 218 additions & 0 deletions docs/apps/scopeToken.md
@@ -0,0 +1,218 @@
---
name: Create a scoped access token
example: octokit.apps.scopeToken({ client_id })
route: POST /applications/{client_id}/token/scoped
scope: apps
type: API method
---

# Create a scoped access token

Exchanges a non-repository scoped user-to-server OAuth access token for a repository scoped user-to-server OAuth access token. You can specify which repositories the token can access and which permissions are granted to the token. You must use [Basic Authentication](https://docs.github.com/rest/overview/other-authentication-methods#basic-authentication) when accessing this endpoint, using the OAuth application's `client_id` and `client_secret` as the username and password. Invalid tokens will return `404 NOT FOUND`.

```js
octokit.apps.scopeToken({
client_id,
});
```

## Parameters

<table>
<thead>
<tr>
<th>name</th>
<th>required</th>
<th>description</th>
</tr>
</thead>
<tbody>
<tr><td>client_id</td><td>yes</td><td>

The client ID of your GitHub app.

</td></tr>
<tr><td>access_token</td><td>no</td><td>

**Required.** The OAuth access token used to authenticate to the GitHub API.

</td></tr>
<tr><td>target</td><td>no</td><td>

The name of the user or organization to scope the user-to-server access token to. **Required** unless `target_id` is specified.

</td></tr>
<tr><td>target_id</td><td>no</td><td>

The ID of the user or organization to scope the user-to-server access token to. **Required** unless `target` is specified.

</td></tr>
<tr><td>repositories</td><td>no</td><td>

The list of repository IDs to scope the user-to-server access token to. `repositories` may not be specified if `repository_ids` is specified.

</td></tr>
<tr><td>repository_ids</td><td>no</td><td>

The list of repository names to scope the user-to-server access token to. `repository_ids` may not be specified if `repositories` is specified.

</td></tr>
<tr><td>permissions</td><td>no</td><td>

The permissions granted to the user-to-server access token.

</td></tr>
<tr><td>permissions.actions</td><td>no</td><td>

The level of permission to grant the access token for GitHub Actions workflows, workflow runs, and artifacts. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.administration</td><td>no</td><td>

The level of permission to grant the access token for repository creation, deletion, settings, teams, and collaborators creation. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.checks</td><td>no</td><td>

The level of permission to grant the access token for checks on code. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.content_references</td><td>no</td><td>

The level of permission to grant the access token for notification of content references and creation content attachments. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.contents</td><td>no</td><td>

The level of permission to grant the access token for repository contents, commits, branches, downloads, releases, and merges. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.deployments</td><td>no</td><td>

The level of permission to grant the access token for deployments and deployment statuses. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.environments</td><td>no</td><td>

The level of permission to grant the access token for managing repository environments. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.issues</td><td>no</td><td>

The level of permission to grant the access token for issues and related comments, assignees, labels, and milestones. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.metadata</td><td>no</td><td>

The level of permission to grant the access token to search repositories, list collaborators, and access repository metadata. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.packages</td><td>no</td><td>

The level of permission to grant the access token for packages published to GitHub Packages. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.pages</td><td>no</td><td>

The level of permission to grant the access token to retrieve Pages statuses, configuration, and builds, as well as create new builds. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.pull_requests</td><td>no</td><td>

The level of permission to grant the access token for pull requests and related comments, assignees, labels, milestones, and merges. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.repository_hooks</td><td>no</td><td>

The level of permission to grant the access token to manage the post-receive hooks for a repository. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.repository_projects</td><td>no</td><td>

The level of permission to grant the access token to manage repository projects, columns, and cards. Can be one of: `read`, `write`, or `admin`.

</td></tr>
<tr><td>permissions.secret_scanning_alerts</td><td>no</td><td>

The level of permission to grant the access token to view and manage secret scanning alerts. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.secrets</td><td>no</td><td>

The level of permission to grant the access token to manage repository secrets. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.security_events</td><td>no</td><td>

The level of permission to grant the access token to view and manage security events like code scanning alerts. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.single_file</td><td>no</td><td>

The level of permission to grant the access token to manage just a single file. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.statuses</td><td>no</td><td>

The level of permission to grant the access token for commit statuses. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.vulnerability_alerts</td><td>no</td><td>

The level of permission to grant the access token to retrieve Dependabot alerts. Can be one of: `read`.

</td></tr>
<tr><td>permissions.workflows</td><td>no</td><td>

The level of permission to grant the access token to update GitHub Actions workflow files. Can be one of: `write`.

</td></tr>
<tr><td>permissions.members</td><td>no</td><td>

The level of permission to grant the access token for organization teams and members. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.organization_administration</td><td>no</td><td>

The level of permission to grant the access token to manage access to an organization. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.organization_hooks</td><td>no</td><td>

The level of permission to grant the access token to manage the post-receive hooks for an organization. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.organization_plan</td><td>no</td><td>

The level of permission to grant the access token for viewing an organization's plan. Can be one of: `read`.

</td></tr>
<tr><td>permissions.organization_projects</td><td>no</td><td>

The level of permission to grant the access token to manage organization projects, columns, and cards. Can be one of: `read`, `write`, or `admin`.

</td></tr>
<tr><td>permissions.organization_secrets</td><td>no</td><td>

The level of permission to grant the access token to manage organization secrets. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.organization_self_hosted_runners</td><td>no</td><td>

The level of permission to grant the access token to view and manage GitHub Actions self-hosted runners available to an organization. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.organization_user_blocking</td><td>no</td><td>

The level of permission to grant the access token to view and manage users blocked by the organization. Can be one of: `read` or `write`.

</td></tr>
<tr><td>permissions.team_discussions</td><td>no</td><td>

The level of permission to grant the access token to manage team discussions and related comments. Can be one of: `read` or `write`.

</td></tr>
</tbody>
</table>

See also: [GitHub Developer Guide documentation](https://docs.github.com/rest/reference/apps#create-a-scoped-access-token).
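
Review bot: The parameter table contradicts itself on what is mandatory: `access_token` is marked `no` in the required column while its description opens with "**Required.**", and `target` and `target_id` are both marked `no` although each description says one of them is required. The descriptions of `repositories` and `repository_ids` also look swapped: `repositories` is described as "The list of repository IDs" and `repository_ids` as "The list of repository names". Because this endpoint decides which repositories and permissions the resulting token keeps, suggest correcting the required column and those two descriptions, and extending the example beyond `octokit.apps.scopeToken({ client_id })` to show `access_token`, a target and a `permissions` object. The introduction refers to the "OAuth application's `client_id`" while the `client_id` row says "GitHub app"; pick one term.
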
11 changes: 7 additions & 4 deletions docs/enterpriseAdmin/setAllowedActionsEnterprise.md
@@ -1,6 +1,6 @@
---
name: Set allowed actions for an enterprise
example: octokit.enterpriseAdmin.setAllowedActionsEnterprise({ enterprise })
example: octokit.enterpriseAdmin.setAllowedActionsEnterprise({ enterprise, github_owned_allowed, verified_allowed, patterns_allowed })
route: PUT /enterprises/{enterprise}/actions/permissions/selected-actions
scope: enterpriseAdmin
type: API method
Expand All @@ -15,6 +15,9 @@ You must authenticate using an access token with the `admin:enterprise` scope to
```js
octokit.enterpriseAdmin.setAllowedActionsEnterprise({
enterprise,
github_owned_allowed,
verified_allowed,
patterns_allowed,
});
```

Expand All @@ -34,17 +37,17 @@ octokit.enterpriseAdmin.setAllowedActionsEnterprise({
The slug version of the enterprise name. You can also substitute this value with the enterprise id.

</td></tr>
<tr><td>github_owned_allowed</td><td>no</td><td>
<tr><td>github_owned_allowed</td><td>yes</td><td>

Whether GitHub-owned actions are allowed. For example, this includes the actions in the `actions` organization.

</td></tr>
<tr><td>verified_allowed</td><td>no</td><td>
<tr><td>verified_allowed</td><td>yes</td><td>

Whether actions in GitHub Marketplace from verified creators are allowed. Set to `true` to allow all GitHub Marketplace actions by verified creators.

</td></tr>
<tr><td>patterns_allowed</td><td>no</td><td>
<tr><td>patterns_allowed</td><td>yes</td><td>

Specifies a list of string-matching patterns to allow specific action(s). Wildcards, tags, and SHAs are allowed. For example, `monalisa/octocat@*`, `monalisa/octocat@v2`, `monalisa/*`."

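Review bot: With `patterns_allowed` switched to required in the last row of this hunk, the description does not say what to pass when no pattern-based allowance is wanted. Suggest stating the accepted empty value (for example, whether an empty list is valid), so that callers who only want to set `github_owned_allowed` and `verified_allowed` are not pushed toward adding a broad pattern such as `monalisa/*` just to satisfy the parameter.
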
2 changes: 1 addition & 1 deletion docs/licenses/getForRepo.md
Expand Up @@ -10,7 +10,7 @@ type: API method

This method returns the contents of the repository's license file, if one is detected.

Similar to [Get repository content](https://docs.github.com/rest/reference/repos/contents#get-repository-content), this method also supports [custom media types](https://docs.github.com/rest/overview/media-types) for retrieving the raw license content or rendered license HTML.
Similar to [Get repository content](https://docs.github.com/rest/reference/repos#get-repository-content), this method also supports [custom media types](https://docs.github.com/rest/overview/media-types) for retrieving the raw license content or rendered license HTML.

```js
octokit.licenses.getForRepo({