
Check scope of GITHUB_PAT

Open krlmlr opened this issue 4 years ago • 4 comments

before performing actions.

By default I'm using a very poorly scoped PAT if any, only adding a powerful one if needed. Protection against shooting myself in the foot.

krlmlr, May 29 '20 03:05

The one used currently is the one provided by GitHub during every GHA build. It only aims to prevent {remotes} rate limit issues.

If there is a more powerful one needed, the respective secret name would need to be updated.

pat-s, May 29 '20 20:05

What would be a possible action by {tic} depending on the PAT's scope?

pat-s, Jun 24 '20 19:06

Unless there are some special tasks being executed (like workflow updates) the default PAT inserted by GitHub does the job.

I don't think we need to specifically check a PAT's scope, at least not now. People who need special scopes usually know that they need to add one to the build and reference it accordingly.

pat-s, Aug 27 '20 11:08

This is about the token used in use_tic(). Agree we don't need special handling inside GHA.

krlmlr, Aug 27 '20 11:08
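
A scope check of the kind this issue asks for, as an added example that is not part of {tic} and not code from any commenter above. It compares the `X-OAuth-Scopes` response header that GitHub returns for classic PATs against the scopes an action needs. The function names, the required scopes and the header values are assumptions constructed for illustration.

```r
# Added example, not {tic} code. All function names here are hypothetical.

# Parent scopes that also grant child scopes on classic PATs (subset of
# GitHub's documented scope hierarchy).
implied_scopes <- list(
  repo = c("repo:status", "repo_deployment", "public_repo",
           "repo:invite", "security_events"),
  "admin:org" = c("write:org", "read:org"),
  user = c("read:user", "user:email", "user:follow")
)

# Split an X-OAuth-Scopes header value into scope names.
# NULL/NA means the header was absent, so scopes cannot be read this way
# (assumption: this is what tokens without classic scopes look like).
parse_scopes <- function(header) {
  if (is.null(header) || is.na(header)) return(NULL)
  scopes <- trimws(strsplit(header, ",", fixed = TRUE)[[1]])
  scopes[nzchar(scopes)]
}

# Add every scope implied by the granted ones, until nothing new appears.
expand_scopes <- function(scopes) {
  repeat {
    parents <- intersect(scopes, names(implied_scopes))
    bigger <- union(scopes, unlist(implied_scopes[parents], use.names = FALSE))
    if (length(bigger) == length(scopes)) return(bigger)
    scopes <- bigger
  }
}

# ok:      TRUE/FALSE, or NA when the scopes are unknown
# missing: required scopes the token does not cover (abort before acting)
# excess:  granted scopes the action does not need (token is over-privileged)
check_pat_scope <- function(header, required) {
  granted <- parse_scopes(header)
  if (is.null(granted)) {
    return(list(ok = NA, missing = NA_character_, excess = NA_character_))
  }
  effective <- expand_scopes(granted)
  list(ok = all(required %in% effective),
       missing = setdiff(required, effective),
       excess = setdiff(granted, required))
}

# Constructed header values, not captured from a real API response.
str(check_pat_scope("repo, workflow", c("public_repo", "workflow")))
str(check_pat_scope("public_repo", c("repo", "workflow")))
str(check_pat_scope(NULL, "repo"))
```

The first call passes but reports `repo` as excess, the second reports both required scopes as missing, and the third returns `NA` so the caller can decide whether to proceed with a token whose scopes are unknown.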