Allow creating read-only tokens #12450
Kobzol
started this conversation in
Feature Requests
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Some services (e.g. GitHub) allow creating read-only scopes for API tokens, which allows safely using a token in untrusted or only partially trusted environments. In the
teamrepository, we have synchronization code that syncs crates.io ownership and trusted publishing configurations. We use a so-called dry-run of this code on PRs, to show what would happen if the code would be merged. It would be very useful to have a read-only token that could do this dry-run, to avoid risking that a full token would be used in a workflow that uses data or code from arbitrary pull requests.Beta Was this translation helpful? Give feedback.
All reactions