Current process will store someone's personal token (gh_token) and keep "carrying it"/using it everywhere (including pipeline) ad vitam aeternam.
Github Actions provides the (less fine-grained) token GITHUB_TOKEN. Any particular reasons to not use that one instead?
The way I see it the personal token can be fine-tuned, re. permissions, as needed and the GITHUB_TOKEN is either permissive or not.
Is that the only reason, to have greater control over the permissions of the token?
TL;DR
Current process will store someone's personal token (
gh_token
) and keep "carrying it"/using it everywhere (including pipeline) ad vitam aeternam. Github Actions provides the (less fine-grained) token GITHUB_TOKEN. Any particular reasons to not use that one instead? The way I see it the personal token can be fine-tuned, re. permissions, as needed and the GITHUB_TOKEN is either permissive or not. Is that the only reason, to have greater control over the permissions of the token?Terraform Resources
No response
Detailed design
No response
Additional information
No response