Legit-Labs/legitify

Add the needed permissions/scopes to the custom action documentation

Closed this issue · 4 comments

rajbos commented

TL;DR

The document does not state the necessary scopes for the authentication to GitHub, which leads to a permissions error at runtime (which also does not show the scopes needed).

I would expect that info in the README here.

Expected behavior

Documentation indicates the scopes that are needed

Observed behavior

No response

Version

main

On which operating system are you using legitify?

Linux

Relevant log output

Running on a single repo:

legitify failed with:
Using Github Cloud
Error: repository <org>/<repo> insufficient permissions

No response

Additional information

No response

Hi @rajbos

We mention in the readme the following scopes:

admin:org, read:enterprise, admin:org_hook, read:org, repo, read:repo_hook

Did you mean something else?

@noamd-legit, that is for the run on the org level, indeed. I would also recommend adding the necessary permissions for when running in the current repo. It is possible to run this action with just the GITHUB_TOKEN if you want to, correct? Add those permissions with the permissions keyword to the example?

Yeah, you can use GITHUB_TOKEN for the action, but only when running for the current repository; otherwise it will fail.
I'll clarify in the readme.

Thank you!

@rajbos I reverified the behavior. Unfortunately, GITHUB_TOKEN is currently not supported by the action, since legitify requires access to the https://api.github.com/user/orgs API.

I opened a feature request here: #265
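
Added example, not part of the thread and not legitify's own code: a pre-flight check that compares the `X-OAuth-Scopes` response header GitHub returns for a classic personal access token against the scopes quoted from the README above, so a missing scope is named before the run fails with "insufficient permissions". The function names, the sample header values and the `IMPLIES` table (a subset of GitHub's classic-token scope hierarchy) are assumptions made for this example.

```python
# Scopes quoted in the thread from the legitify README.
REQUIRED = ["admin:org", "read:enterprise", "admin:org_hook",
            "read:org", "repo", "read:repo_hook"]

# Parent scope -> scopes it includes. Only the parts of GitHub's
# classic-token hierarchy that touch REQUIRED are listed (assumption).
IMPLIES = {
    "admin:org": ["write:org", "read:org"],
    "write:org": ["read:org"],
    "admin:repo_hook": ["write:repo_hook", "read:repo_hook"],
    "write:repo_hook": ["read:repo_hook"],
    "admin:enterprise": ["read:enterprise"],
}

def parse_scopes(header):
    """Split an X-OAuth-Scopes value; None means the header was absent."""
    if header is None:
        return None
    return {s.strip() for s in header.split(",") if s.strip()}

def effective_scopes(granted):
    """Expand granted scopes with every scope they include."""
    have, stack = set(granted), list(granted)
    while stack:
        for child in IMPLIES.get(stack.pop(), []):
            if child not in have:
                have.add(child)
                stack.append(child)
    return have

def missing_scopes(header, required=REQUIRED):
    """Return required scopes the token lacks, or None if undeterminable."""
    granted = parse_scopes(header)
    if granted is None:
        # No header on the response (for example a token that is not a
        # classic PAT): scopes cannot be read this way.
        return None
    have = effective_scopes(granted)
    return [s for s in required if s not in have]

if __name__ == "__main__":
    # Constructed sample header values, not captured from a real token.
    for hdr in ["repo, read:org",
                "admin:org, admin:enterprise, admin:org_hook, repo, admin:repo_hook",
                None]:
        print(repr(hdr), "->", missing_scopes(hdr))
```

The header value can be read from any authenticated API response, for instance the response headers of a request to `https://api.github.com/user`.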