search

jfmengels / node-elm-review

CLI for elm-review
https://package.elm-lang.org/packages/jfmengels/elm-review/latest/
BSD 3-Clause "New" or "Revised" License
48 stars 25 forks source link

Use GHA's token #310

Open lishaduck opened 1 week ago

lishaduck commented 1 week ago

GHA provides a token itself, we don't need to generate one. This is more-fine grained, easier to change if needed, and more secure.

I think the existing contents: read is sufficient, but it might not be. We'll see.

Based on https://github.com/jfmengels/node-elm-review/pull/309#issuecomment-2467063929.

lishaduck commented 1 week ago

Oh, the script needs a username. I'll think on this.

lishaduck commented 1 week ago

Ok, so the GITHUB_TOKEN is for a builtin github app, not your own account, so that i.e., contributing to a project with extensive doesn't use up your personal rate. Thus, there's not a username associated with it. However, I think we don't need a username to make authenticated requests, do we? Could we make it optional?