You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What part(s) of the article would you like to see updated?
The documentation for the repository contents API states that a token with the workflow scope is needed. This is misleading because a token with workflow scope is only needed if you are making changes to files within .github/workflows/. This could lead to end-users generating over-provisioned tokens when they do not need them. A workflow scoped PAT has repo write access and can trivially access all repo/org shared secrets.
It would be good if the documentation specified that workflow scope is only needed if the use case requires changes to workflow files. If not, then a repo scoped token is sufficient.
Additional information
No response
The text was updated successfully, but these errors were encountered:
Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.
Thank you for opening this issue! Updates to the REST API, GraphQL API, and webhook reference documentation must be made internally. I have copied your issue to an internal issue, so I will close this issue.
Code of Conduct
What article on docs.github.com is affected?
https://docs.github.com/en/rest/repos/contents?apiVersion=2022-11-28#create-or-update-file-contents
What part(s) of the article would you like to see updated?
The documentation for the repository contents API states that a token with the
workflow
scope is needed. This is misleading because a token withworkflow
scope is only needed if you are making changes to files within.github/workflows/
. This could lead to end-users generating over-provisioned tokens when they do not need them. A workflow scoped PAT has repo write access and can trivially access all repo/org shared secrets.It would be good if the documentation specified that
workflow
scope is only needed if the use case requires changes to workflow files. If not, then arepo
scoped token is sufficient.Additional information
No response
The text was updated successfully, but these errors were encountered: