Closed thunermay closed 1 week ago
Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.
@thunermay Thank you for opening an issue! I'll get this triaged for review ✨
Hi @thunermay 👋 Thanks for opening this issue! After investigating your report, it appears the requirement for Full Access scope for inventory-report
and integrate-boards
is a known issue, and there's not much GitHub can currently do about it unless Azure DevOps changes their API's.
I have however passed along your experience to the internal GitHub team responsible for migrations, for consideration in future conversations about how to improve this feature and GitHub.
It sounds like updating our docs, by changing a sentence and adding another, may help other users learn of this requirement. I suggest, in the "Personal access tokens for Azure DevOps" section, we make the following changes.
Change the following sentence:
If you want to use the
--integrate-boards
or--rewire-pipelines
flags when generating a migration script, you will also need Build (Read) scope.
to:
If you want to use the
--rewire-pipelines
flag when generating a migration script, you will also needBuild (Read)
scope. To use theinventory-report
and--integrate-boards
flags, you will need to grant full access to your personal access token.
You or anyone else is welcome to open a PR with a fix for this issue.
Code of Conduct
What article on docs.github.com is affected?
Managing access for a migration from Azure DevOps https://docs.github.com/en/migrations/using-github-enterprise-importer/migrating-from-azure-devops-to-github-enterprise-cloud/managing-access-for-a-migration-from-azure-devops#required-scopes-for-personal-access-tokens
What part(s) of the article would you like to see updated?
Required scopes for personal access tokens -> Personal access tokens for Azure DevOps
Additional information
The said scopes are not sufficient to generate an inventory report (gh ado2gh inventory-report). When giving the PAT full access on the ADO site, the generation worked. I'm sorry I don't have the time to figure out which scope is needed for this. This is the Error message without the needed scope: