search

jpoehnelt / secrets-sync-action

A Github Action that can sync secrets from one repository to many others.
https://github.com/marketplace/actions/secrets-sync-action
Apache License 2.0
314 stars 92 forks source link

Specify that new fine-grained tokens cannot be used for private repos #80

Closed kbroughton closed 1 year ago

kbroughton commented 1 year ago

It took me quite a while to discover what was causing only public repos to show despite granting access to private repos on the fine-grained token.

Fine-grained tokens are new, but are encouraged as they are much better for least-privilege.

However, as per the documentation, "Support for GraphQL. Currently, fine-grained PATs can only be used against the REST APIs". This may change in the futre.

If you run the following you get an error.

gh repo list --visibility private
HTTP 401: Personal access tokens with fine grained access do not support the GraphQL API (https://api.github.com/graphql)

Therefore, the documentation should specify that the GITHUB_TOKEN must be "Classic" not "Fine-grained" if you wish to push secrets to private repos.

github-actions[bot] commented 1 year ago

:tada: This issue has been resolved in version 1.7.2 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: