quoting @narration_sd _Since it's all read-only for the publicly delivered app, won't it be safe enough to hard-code the token into the build's gridsome.config.js?
We could start doing that for now, no? ...create a fresh token, carefully setting only read perms for only things we need, and replace the environmental I used in that config with it. Then anyone running even in dev will immediately be using your own collected docs repo, as it grows.
When ready for beta or public delivery/s, create new tokens, possibly on a different Github account of docs repo forks, so you can keep the 'real' separated from development. Think this will cover enough?
A point I'm using here is that the token not only permits to, but actually addresses to the Github account it's been made for -- the access point is always just the GitHub api url_
quoting @narration_sd _Since it's all read-only for the publicly delivered app, won't it be safe enough to hard-code the token into the build's gridsome.config.js?
We could start doing that for now, no? ...create a fresh token, carefully setting only read perms for only things we need, and replace the environmental I used in that config with it. Then anyone running even in dev will immediately be using your own collected docs repo, as it grows.
When ready for beta or public delivery/s, create new tokens, possibly on a different Github account of docs repo forks, so you can keep the 'real' separated from development. Think this will cover enough?
A point I'm using here is that the token not only permits to, but actually addresses to the Github account it's been made for -- the access point is always just the GitHub api url_