Document GitHub app permissions - Githubissues

woodpecker-ci / woodpecker

Woodpecker is a simple, yet powerful CI/CD engine with great extensibility.

https://woodpecker-ci.org

Apache License 2.0

4.17k stars 360 forks source link

Document GitHub app permissions #1081

Closed JulianGro closed 11 months ago

JulianGro commented 2 years ago

Clear and concise description of the problem

Right now when adding WoodpeckerCI to GitHub you have to either give it full permission to do everything, or do trial and error.

Suggested solution

There should be a list of permissions WoodpeckerCI needs when used as a GitHub app.

Alternative

No response

Additional context

Most of the permissions I have enabled right now are just guesses. The only permission I know for sure is needed is

User permissions:
    Email addresses: Read-only

Validations

[X] Read the Contributing Guidelines.
[X] Read the docs.
[X] Check that there isn't already an issue that request the same feature to avoid creating a duplicate.

6543 commented 2 years ago

oauth2 let's you declare the scope ... so it's not only documentation but also code we can improve

https://github.com/woodpecker-ci/woodpecker/blob/efdad4a9fc62797d89eb0d57af5fbd0b226948d4/server/remote/github/github.go#L350

:thinking: we already do this