Skip to content

Call out how write:packages requires repo scope on PATs #3746

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Mar 31, 2021
Merged

Call out how write:packages requires repo scope on PATs #3746

merged 5 commits into from
Mar 31, 2021

Conversation

dgholz
Copy link
Contributor

@dgholz dgholz commented Feb 17, 2021

Why:

Closes #2660

What's being changed:

The docs used to recommend removing repo scope when creating a PAT with write:packages, but it's not possible. So, clearly call that out, and when linking to the security best practices, also call out which practice to follow.

Check off the following:

@welcome
Copy link

welcome bot commented Feb 17, 2021

Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

@dgholz
Copy link
Contributor Author

dgholz commented Feb 17, 2021

I see in the preview that the warning appears twice.

Screen Shot 2021-02-17 at 13 29 06

I don't know the best way to get it to appear only once when both reusables are included in the same page. Should I worry about the warning appearing when either reusable appears by itself? If not, which reusable should the warning appear in?

I feel like, if it appears in only one place, it should be in reusables.package_registry.authenticate_with_pat_for_container_registry and not data reusables.package_registry.authenticate-to-container-registry-steps (matching where the original warning appeared)

@janiceilene
Copy link
Contributor

@dgholz Thanks so much for opening a PR! I'll get this triaged for review ⚡

@janiceilene janiceilene added content This issue or pull request belongs to the Docs Content team packages This issue or pull request should be reviewed by the docs packages team waiting for review Issue/PR is waiting for a writer's review labels Feb 17, 2021
@jmarlena jmarlena self-assigned this Mar 3, 2021
jmarlena
jmarlena reviewed Mar 5, 2021
View reviewed changes
Copy link
Contributor

@jmarlena jmarlena left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Heads up, given the security related content I'm requesting some input from other stakeholders. ⚡

@jmarlena jmarlena mentioned this pull request Mar 5, 2021
Closed
3 tasks
@watargolla watargolla mentioned this pull request Mar 8, 2021
Closed
@jmarlena jmarlena dismissed a stale review via ada9718 March 31, 2021 04:32
@jmarlena
Copy link
Contributor

Note: Since this PR was opened there have been some changes to this feature. GitHub Container Registry now supports using the GITHUB_TOKEN for GitHub Actions workflows, which improves the security experience here since users don't have to rely on a PAT in a workflow.

I also noted a workaround for only selecting the write:packages scope with this url: https://github.com/settings/tokens/new?scopes=write:packages.

jmarlena
jmarlena approved these changes Mar 31, 2021
View reviewed changes
Copy link
Contributor

@jmarlena jmarlena left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dgholz Thank you for your contribution here! 🚢 This looks ready to ship!

@jmarlena jmarlena merged commit 842626d into github:main Mar 31, 2021
@github-actions
Copy link
Contributor

Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. If you're looking for your next contribution, check out our help wanted issues

@dgholz dgholz deleted the patch-1 branch May 24, 2021 08:20
@snyk-bot snyk-bot mentioned this pull request Dec 7, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmarlena jmarlena jmarlena approved these changes

Assignees

@jmarlena jmarlena

Labels
content This issue or pull request belongs to the Docs Content team packages This issue or pull request should be reviewed by the docs packages team waiting for review Issue/PR is waiting for a writer's review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

PAT creation section: possible incorrect info
3 participants
@dgholz @janiceilene @jmarlena