renovate/renovate
1
0
Fork 0
mirror of https://github.com/renovatebot/renovate.git synced 2025-01-12 23:16:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

docs: document support for fine-grained pat (#27346)

Browse source 
Co-authored-by: Rhys Arkins <rhys@arkins.net>
Co-authored-by: HonkingGoose <34918129+HonkingGoose@users.noreply.github.com>
This commit is contained in:
Josh Soref 2024-03-18 17:46:33 -04:00 committed by GitHub
parent 12377e49dd
commit f4a96f84fe
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 24 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
lib/modules/platform/github/readme.md
View file

@ -2,8 +2,10 @@
## Authentication
First, [create a classic Personal Access Token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-personal-access-token-classic) for the bot account, select `repo` scope.
Fine-grained Personal Access Tokens do not support the GitHub GraphQL API and cannot be used with Renovate.
First, create a [fine-grained](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-fine-grained-personal-access-token) _or_ a [classic](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-personal-access-token-classic) PAT.
The PAT must have the `repo` scope.
Read the [GitHub Docs, about Personal Access Tokens](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#about-personal-access-tokens) to learn more about PATs.
Let Renovate use your PAT by doing _one_ of the following:
@ -25,6 +27,26 @@ You can choose where you want to set `endpoint`:
If you're self-hosting Renovate on GitHub.com with GitHub Actions in forking mode, and want Renovate to apply labels then you must give the PAT `triage` level rights on `issues`.
The `triage` level allows the PAT to apply/dismiss existing labels.
## Running using a fine-grained token
### Permissions
A fine-grained token must have these permissions:
| Permission | Access | Level |
| ------------------- | ---------------- | ------------------------------ |
| `Members` | `Read-only` | _Organization_ |
| `Commit statuses` | `Read and write` | _Repository_ or _Organization_ |
| `Contents` | `Read and write` | _Repository_ or _Organization_ |
| `Dependabot alerts` | `Read-only` | _Repository_ or _Organization_ |
| `Issues` | `Read and write` | _Repository_ or _Organization_ |
| `Pull requests` | `Read and write` | _Repository_ or _Organization_ |
| `Workflows` | `Read and write` | _Repository_ or _Organization_ |
<!-- prettier-ignore -->
!!! tip "Use a bot role account"
Consider creating a GitHub App to use instead of using your own GitHub user account.
## Running as a GitHub App
Instead of a bot account with a Personal Access Token you can run `renovate` as a self-hosted [GitHub App](https://docs.github.com/en/developers/apps/getting-started-with-apps).