kunalnagarco / action-cve

A GitHub action that sends Dependabot Vulnerability Alerts to multiple sources.
https://github.com/marketplace/actions/check-cve
MIT License

Support GitHub app OAuth token rather than a personal token #113

Closed simonweil closed 1 year ago

simonweil commented 1 year ago

Hi,

As the personal token depends on the user existing, it would be really great to be able to use an app for the required access.

Thanks so much

kunalnagar commented 1 year ago

@simonweil - Thanks for the suggestion. I will take a look into this and update here!

steven-xufan commented 1 year ago

Just wanted to add a comment that our team is using a GitHub application (instead of a personal token) with the help of another action:

      - name: Get Token
        id: get_workflow_token
        # Mints a short-lived installation token for the GitHub App from its
        # App ID and private key (both stored as repository secrets)
        uses: peter-murray/workflow-application-token-action@v1
        with:
          application_id: ${{ secrets.YOUR_APP_ID }}
          application_private_key: ${{ secrets.YOUR_APP_PRIVATE_KEY }}

      - uses: kunalnagarco/action-cve@v1.7.13
        with:
          # Installation token from the step above instead of a personal token
          token: ${{ steps.get_workflow_token.outputs.token }}
          slack_webhook: ${{ secrets.YOUR_WEBHOOK }}
          count: 1

kunalnagar commented 1 year ago

@steven-xufan - This seems like a great work-around for teams trying to use my action. Would you be able to share the scopes that you used when creating a GitHub app to use peter-murray/workflow-application-token-action?

steven-xufan commented 1 year ago

> @steven-xufan - This seems like a great work-around for teams trying to use my action. Would you be able to share the scopes that you used when creating a GitHub app to use peter-murray/workflow-application-token-action?

Other than the default permission from creating the GitHub application, I only added read-only access for Dependabot alerts (screenshot below).

[screenshot: GitHub App permissions, Dependabot alerts set to read-only]

kunalnagar commented 1 year ago

@steven-xufan - thanks! I'm gonna update the Wiki with this information so other folks are able to create a PAT as well in a GitHub action.

@simonweil - closing this issue.
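
What the "Get Token" step in the workflow above does under the hood, and how to hold the resulting token to the read-only Dependabot alerts permission discussed later in the thread, as an added example. This is not code from action-cve or from peter-murray/workflow-application-token-action; it follows GitHub's documented App flow (sign a short-lived RS256 JWT as the App, exchange it for an installation token, call the REST API with that token). The signer and the HTTP call are injectable so the flow can be exercised offline with fakes; the `cryptography` package is assumed only for the real signer, and the installation ID, owner and repo names are placeholders.

```python
import base64
import json
import time
import urllib.request
from typing import Callable, Dict, List, Optional

API = "https://api.github.com"
# Least privilege for this use case: read-only Dependabot alerts plus the
# metadata:read permission every GitHub App carries by default.
DEPENDABOT_READ_ONLY = {"dependabot_alerts": "read", "metadata": "read"}
Signer = Callable[[bytes], bytes]
Request = Callable[..., object]


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_app_jwt(app_id: str, sign_rs256: Signer, now: Optional[int] = None) -> str:
    """App JWT as GitHub specifies it: iss = App ID, iat skewed 60 s back, exp under 10 min."""
    now = int(time.time()) if now is None else now
    header = {"alg": "RS256", "typ": "JWT"}
    claims = {"iat": now - 60, "exp": now + 9 * 60, "iss": app_id}
    encode = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{encode(header)}.{encode(claims)}"
    return f"{signing_input}.{b64url(sign_rs256(signing_input.encode()))}"


def jwt_claims(token: str) -> Dict:
    """Decode the claims segment without verifying; for local checks such as expiry only."""
    return json.loads(b64url_decode(token.split(".")[1]))


def rs256_signer_from_pem(pem: bytes) -> Signer:
    """Signer backed by the App private key (assumes the `cryptography` package is installed)."""
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import padding

    key = serialization.load_pem_private_key(pem, password=None)
    return lambda msg: key.sign(msg, padding.PKCS1v15(), hashes.SHA256())


def github_request(method: str, url: str, bearer: str, body: Optional[Dict] = None):
    """Minimal JSON call to the GitHub REST API with a bearer token (App JWT or installation token)."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Authorization", f"Bearer {bearer}")
    req.add_header("Accept", "application/vnd.github+json")
    if data is not None:
        req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def create_installation_token(app_jwt: str, installation_id: int,
                              permissions: Dict[str, str] = DEPENDABOT_READ_ONLY,
                              request: Request = github_request) -> Dict:
    """POST /app/installations/{id}/access_tokens, asking GitHub to down-scope the token.

    GitHub intersects the requested permissions with what the installation was
    granted, so the token can only ever be narrower than the App's configuration.
    """
    url = f"{API}/app/installations/{installation_id}/access_tokens"
    return request("POST", url, app_jwt, {"permissions": permissions})


def excess_permissions(token_info: Dict, allowed: Dict[str, str] = DEPENDABOT_READ_ONLY) -> Dict[str, str]:
    """Permissions on the minted token beyond `allowed`; empty means least privilege held."""
    rank = {"read": 1, "write": 2, "admin": 3}
    granted = token_info.get("permissions", {})
    return {p: lvl for p, lvl in granted.items()
            if rank.get(lvl, 0) > rank.get(allowed.get(p, ""), 0)}


def list_dependabot_alerts(token: str, owner: str, repo: str, count: int = 1,
                           state: str = "open", request: Request = github_request) -> List[Dict]:
    """GET /repos/{owner}/{repo}/dependabot/alerts using the installation token."""
    url = f"{API}/repos/{owner}/{repo}/dependabot/alerts?state={state}&per_page={count}"
    return request("GET", url, token)


def fetch_alerts_as_app(app_id: str, private_key_pem: bytes, installation_id: int,
                        owner: str, repo: str, count: int = 1) -> List[Dict]:
    """End to end: App JWT -> scoped installation token -> alerts, refusing an over-scoped token."""
    app_jwt = build_app_jwt(app_id, rs256_signer_from_pem(private_key_pem))
    info = create_installation_token(app_jwt, installation_id)
    extra = excess_permissions(info)
    if extra:
        raise PermissionError(f"installation token broader than requested: {extra}")
    return list_dependabot_alerts(info["token"], owner, repo, count)
```

Two points worth keeping in mind when wiring this into a job: an installation token expires after one hour, so it must be minted in the same workflow run that uses it, and the App private key is the only long-lived secret in the chain, so any third-party action it is handed to (such as the one used above) should be pinned to a reviewed commit SHA rather than a moving tag.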