mkdocs-git-committers-plugin-2 icon indicating copy to clipboard operation
mkdocs-git-committers-plugin-2 copied to clipboard
verified publisher icon ojacques

What `scopes` does the token need to access GitHub contributors on a `private` repository?

Open zigelboim-misha opened this issue 1 year ago • 5 comments

It took me some trial and errors to get the contributors icons to appear on my mkdocs docs.

I had to play with the scopes on my token to make it work. Maybe I have missed the documentation on it, please let me know and comment a link :)

Could add more detailed documentation about the Select scopes the token needs to read contributors?

uncheck everything when creating the GitHub Token at github.com/settings/personal-access-tokens/new, unless you access private repositories.

For private GitHub repositories, you only need to allow read-only access to Contents and Metadata on the target repository. This could be done by setting Read-only access of Permissions > Repository permissions > Contents.

source

I did not understand where do I find this setting or how is it connected to the access token I have to provide.

Maybe you could add this image to the docs or explicitly mention the scopes required for the token to allow mkdocs access contributors on a private repository?

Screenshot 2024-10-14 at 15 45 54

zigelboim-misha avatar Oct 14 '24 12:10 zigelboim-misha

For private GitHub repositories, you only need to allow read-only access to Contents and Metadata on the target repository. This could be done by setting Read-only access of Permissions > Repository permissions > Contents.

Does it mean Settings -> Actions -> General -> Actions permissions -> Workflow permissions?

image

sheeeng avatar Nov 18 '24 21:11 sheeeng

@sheeeng From my understanding, this check box for Workflow permissions is for workflows only.

In the docs it says to create a new Token, while the GITHUB_TOKEN is a token used internally when running workflows and cannot be copied to be used outside of ci-cd as a normal token.

Could you correct me?

zigelboim-misha avatar Nov 19 '24 13:11 zigelboim-misha

Could you correct me?

I'm not sure myself too. Sorry. I will wait clarification from the maintainer.

sheeeng avatar Nov 21 '24 14:11 sheeeng

On GitHub, it should depend on whether you select "fine-grained tokens" or "Tokens (classic)".

  • fine-grained tokens (recommended)

    • Select the repository which you want to access to
    • Under "Permissions", select Contents "Access: read-only"
    • Under "Permissions", select Meta-data "Access: Read-only"

    image
    image

  • Tokens (classic)

    • Check "repo". It really is a big scope, this is why fine-grained access would be recommended

    image

Let me know if this works for you.

ojacques avatar Nov 24 '24 18:11 ojacques

Making the classic Token this way worked, as stated in the initial message, maybe adding this detailed images to the docs will stop future confusions?

zigelboim-misha avatar Nov 25 '24 07:11 zigelboim-misha