jbmorley
commented
7 months ago I think it might be possible to do this by allowing users to create a custom token with limited scope. Sonar does this and I guess that's why.
Such an approach might be likely to lead to a number of more fine-grained failures and write operations (like re-running workflow jobs) might need to be disabled if the scope isn't sufficient.
One of our TestFlight testers found the requested scope to be off-putting; we should see if it's possible to ask for a reduced scope, or perhaps allow users to elect to have a smaller scope for read-only access.