Repository Contents API Token Scope Requirement is Misleading #27413
Labels
content
This issue or pull request belongs to the Docs Content team
Comments
AdnaneKhan
added
the
content
|
Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines. |
github-actions
bot
added
the
triage
|
@AdnaneKhan Thanks so much for opening an issue! I'll triage this for the team to take a look 👀 |
cmwilson21
added
rest-description
and removed
triage
|
Thank you for opening this issue! Updates to the REST API, GraphQL API, and webhook reference documentation must be made internally. I have copied your issue to an internal issue, so I will close this issue. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Code of Conduct
What article on docs.github.com is affected?
https://docs.github.com/en/rest/repos/contents?apiVersion=2022-11-28#create-or-update-file-contents
What part(s) of the article would you like to see updated?
The documentation for the repository contents API states that a token with the
workflowscope is needed. This is misleading because a token withworkflowscope is only needed if you are making changes to files within.github/workflows/. This could lead to end-users generating over-provisioned tokens when they do not need them. A workflow scoped PAT has repo write access and can trivially access all repo/org shared secrets.It would be good if the documentation specified that
workflowscope is only needed if the use case requires changes to workflow files. If not, then areposcoped token is sufficient.Additional information
No response
The text was updated successfully, but these errors were encountered: