docs: document support for fine-grained pat #27346

Merged
merged 5 commits into from Mar 18, 2024
26 changes: 24 additions & 2 deletions lib/modules/platform/github/readme.md
Expand Up @@ -2,8 +2,10 @@

## Authentication

First, [create a classic Personal Access Token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-personal-access-token-classic) for the bot account, select `repo` scope.
Fine-grained Personal Access Tokens do not support the GitHub GraphQL API and cannot be used with Renovate.
First, create a [fine-grained](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-fine-grained-personal-access-token) _or_ a [classic](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-personal-access-token-classic) PAT.
The PAT must have the `repo` scope.

Read the [GitHub Docs, about Personal Access Tokens](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#about-personal-access-tokens) to learn more about PATs.

Let Renovate use your PAT by doing _one_ of the following:

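Review bot: The added sentence "The PAT must have the `repo` scope." now applies to both token types named on the line above it, but scopes exist only on classic PATs; fine-grained tokens are configured through permissions, which the new "Running using a fine-grained token" section of this same file lists. Suggest wording it as "A classic PAT must have the `repo` scope" and pointing fine-grained users to that permissions table, so nobody looks for a `repo` scope in the fine-grained token form or falls back to a classic token because of it.
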
Expand All @@ -25,6 +27,26 @@ You can choose where you want to set `endpoint`:
If you're self-hosting Renovate on GitHub.com with GitHub Actions in forking mode, and want Renovate to apply labels then you must give the PAT `triage` level rights on `issues`.
The `triage` level allows the PAT to apply/dismiss existing labels.

## Running using a fine-grained token

### Permissions

A fine-grained token must have these permissions:

| Permission | Access | Level |
| ------------------- | ---------------- | ------------------------------ |
| `Members` | `Read-only` | _Organization_ |
| `Commit statuses` | `Read and write` | _Repository_ or _Organization_ |
| `Contents` | `Read and write` | _Repository_ or _Organization_ |
| `Dependabot alerts` | `Read-only` | _Repository_ or _Organization_ |
| `Issues` | `Read and write` | _Repository_ or _Organization_ |
| `Pull requests` | `Read and write` | _Repository_ or _Organization_ |
| `Workflows` | `Read and write` | _Repository_ or _Organization_ |

<!-- prettier-ignore -->
!!! tip "Use a bot role account"
Consider creating a GitHub App to use instead of using your own GitHub user account.

## Running as a GitHub App

Instead of a bot account with a Personal Access Token you can run `renovate` as a self-hosted [GitHub App](https://docs.github.com/en/developers/apps/getting-started-with-apps).
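
Review bot: The permissions table presents all seven entries as mandatory ("A fine-grained token must have these permissions") without saying what each one is used for, which matters most for the write-level rows such as `Workflows` and `Contents`. Suggest adding a short "why" column or a note per permission, and marking any that are needed only for optional features, so operators can grant the minimum; the section could also say that the token should be limited to the repositories Renovate manages. The "_Repository_ or _Organization_" value in the Level column is ambiguous as written and would be clearer if it stated which category each permission is found under when creating the token. Separately, the tip is titled "Use a bot role account" but its body recommends a GitHub App instead of a personal user account; the title and body should say the same thing.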