Closed jcbhmr closed 1 year ago
First: I'd be happy to be proven wrong about this, since manually creating a PAT is a bit annoying 🙂
As far as I know, the default GitHub token available in actions (secrets.GITHUB_TOKEN
/github.token
) is limited to only being able to access the repo that triggered the action. In my experience, that limitation means it has read access to the wiki repository, since it's a public repository, but does not have write access, since it's a different remote URL.
If you could find a way to get this action to work without creating a PAT, and documented it, I'd be very grateful :pray:
There's some more discussion about this that I had with @Andrew-Chen-Wang over in https://github.com/Andrew-Chen-Wang/github-wiki-action/issues/17 that is at least tangentially related to this
Although it's not mentioned in any GitHub issues in my repo, I made the repo from inspo that you couldn't delete files from decathalon's action. Someone who beta tested said a GitHub pat is needed, so that's why I've got it in my repo as well.
👍 @Andrew-Chen-Wang good to know! I'd love to contribute some wiki documentation about:
git push
cli)permissions: ...
github actions yml value to set the proper permissions (this seems to be a recurring issue https://github.com/Andrew-Chen-Wang/github-wiki-action/discussions/14#discussioncomment-2769855)same for @spenserblack I'd love to help document stuff in your readme! ❤ more docs are more better
After some investigative journalism (looking at what others have done) and research (reading the docs), I've come to the conclusion that you don't need a PAT to push to the wiki of a repo. You just need the content: write
permission. This lets you push, force push, pull, etc. with the git endpoint at user/repo.wiki.git
. Sometimes, git even caches the token for a particular origin, so you don't need to re-auth if you git clone
! You can just git push
and it works for that same origin!
This can be reflected in the readme refactor #9
If it's alright, would you be able to link to a successful workflow run that uses github.token
so that I can be sure about this?
Sure! Here's some of my research items:
Here's what I mean by "old default write"
Now the default is the second "readonly" option, not the read/write one
I notice from the readme:
I don't think this is true? I was under the impression from my own attempt at a sub-par wiki action https://github.com/jcbhmr/publish-to-github-wiki that you can just use the
${{ github.token }}
as long as you have thecontent: write
permission.Recently GitHub did change up their permissions defaults to make them no longer write-permissive by default which may have thrown things off? I have already been bitten by this: https://github.com/jcbhmr/devcontainer-features/issues/2
Am I completely wrong? Is there something I'm missing? 🤷♂️