Andy Feller
> Part of me wonders why we bother with GQL introspection rather than getting the GHES version from the meta endpoint and just hard coding what is available in each...
Interesting discovery, @ramonpetgrave64 TIL! I can see that `gh attestation verify` creates a regex based on the signer workflow input, which explains how this works as you've described. I don't...
Thanks for following up on the interest, @3f6a! ❤ I'd like to touch on 1) a blocking issue and 2) clarity on what this experience might look like. ### Blocking...
@jjacobgreen : appreciate you creating this issue and apologies as I imagine this has caused some amount of frustration! 🙇 > This seems to be either: > > - An...
> I realise this might be a way off, so perhaps as an intermediary step, it could be useful to have more clarity in the response about which API call...
@jjacobgreen : Let me be clear: **I think you're touching on a few important concerns**: 1. GitHub users want to adopt more secure, tightly scoped API tokens 2. GitHub CLI...
For completeness, this is the logic involved in detecting incorrect token permission scopes when 4XX HTTP errors are encountered, reading information out of `X-Oauth-Scopes` and `X-Accepted-Oauth-Scopes` to help users: https://github.com/cli/cli/blob/9e27af999ebd7e776ba5c2373371ed59a6eda096/api/client.go#L159-L257...
Created https://github.com/cli/cli/issues/9461 to capture which fine grain PAT permissions are needed to use GitHub CLI.
@jjacobgreen : After discussing with the Authorization team, it appears GraphQL doesn't readily have information about the necessary fine grain PAT scopes by object and mutation, making it impossible for...
@ataylorme : I couldn't agree with you more. 🙌 I'd like to explore your thoughts a little deeper in order to raise this discussion internally and shape this work: 1....