feature: Documentation for how to use with the new Fine-grained personal access tokens

[stianlagstad]

Summary

At https://github.com/settings/tokens?type=beta there's now a new type of Personalized Access Tokens (PATs) called fine-grained personal access tokens. Creating these looks different than creating "classic" PATs. The readme of this repository currently says

The token must have the repo scope (when creating a repo runner) or the admin:org scope (when creating a runner for an organization). Personal Access Token for GitHub account can be created here.

Which is correct for the classic PATs, but since the process looks a bit different for the new fine-grained PATs: Could a description for how to use these be added? It's not clear to me how to configure them.

Issue Type

Feature Idea

[4wk-]

I've managed to make this role work with the new Fine-grained token, for a runner at org-scope.

On the Organisation settings, I've set:

• Allow access via fine-grained personal access tokens
• Require administrator approval
• Restrict access via personal access tokens (classic)

On my Personnal Github account (I am the org owner, for that matter), I've created a fine-grained PAT:

• In the field "Resource owner", don't forget to select the organization you are member of!
• Repository access > Public repo (read-only): my org have no public repos, but I think this is irrelevant
• In the Organization Permissions, you need to put Read and write access to "Administration" and "Self-hosted runners"

See also: https://docs.github.com/en/rest/overview/permissions-required-for-fine-grained-personal-access-tokens?apiVersion=2022-11-28#organization-administration

Hope it help someone, and YES please update documentation for this, even if this is a Github beta feature it is now well-known!

[kratenko]

Is there any information why this scripts needs read/write access to Administration? I mean, even if you told me, what you want to do, I am not giving a random script from the internet the permission to completely delete our organization on GitHub, access to billings, and to membership - that simply does not work! Is there not any way around that? Right now, this solution will not be used in our company, period.