octokit · wolfy1339 · Sep 23, 2023 · Sep 22, 2023 · Sep 23, 2023
diff --git a/docs/actions/addCustomLabelsToSelfHostedRunnerForOrg.md b/docs/actions/addCustomLabelsToSelfHostedRunnerForOrg.md
@@ -11,6 +11,9 @@ type: API method
 Add custom labels to a self-hosted runner configured in an organization.
 
 You must authenticate using an access token with the `admin:org` scope to use this endpoint.
+If the repository is private, you must use an access token with the `repo` scope.
+GitHub Apps must have the `administration` permission for repositories and the `organization_self_hosted_runners` permission for organizations.
+Authenticated users must have admin access to repositories or organizations, or the `manage_runners:enterprise` scope for enterprises, to use these endpoints.
 
 ```js
 octokit.rest.actions.addCustomLabelsToSelfHostedRunnerForOrg({
@@ -49,4 +52,4 @@ The names of the custom labels to add to the runner.
   </tbody>
 </table>
 
-See also: [GitHub Developer Guide documentation](https://docs.github.com/rest/reference/actions#add-custom-labels-to-a-self-hosted-runner-for-an-organization).
+See also: [GitHub Developer Guide documentation](https://docs.github.com/rest/actions/self-hosted-runners#add-custom-labels-to-a-self-hosted-runner-for-an-organization).
diff --git a/docs/actions/addCustomLabelsToSelfHostedRunnerForRepo.md b/docs/actions/addCustomLabelsToSelfHostedRunnerForRepo.md
@@ -10,8 +10,10 @@ type: API method
 
 Add custom labels to a self-hosted runner configured in a repository.
 
-You must authenticate using an access token with the `repo` scope to use this
-endpoint.
+You must authenticate using an access token with the `repo` scope to use this endpoint.
+If the repository is private, you must use an access token with the `repo` scope.
+GitHub Apps must have the `administration` permission for repositories and the `organization_self_hosted_runners` permission for organizations.
+Authenticated users must have admin access to repositories or organizations, or the `manage_runners:enterprise` scope for enterprises, to use these endpoints.
 
 ```js
 octokit.rest.actions.addCustomLabelsToSelfHostedRunnerForRepo({
@@ -56,4 +58,4 @@ The names of the custom labels to add to the runner.
   </tbody>
 </table>
 
-See also: [GitHub Developer Guide documentation](https://docs.github.com/rest/reference/actions#add-custom-labels-to-a-self-hosted-runner-for-a-repository).
+See also: [GitHub Developer Guide documentation](https://docs.github.com/rest/actions/self-hosted-runners#add-custom-labels-to-a-self-hosted-runner-for-a-repository).
diff --git a/docs/actions/addSelectedRepoToOrgSecret.md b/docs/actions/addSelectedRepoToOrgSecret.md
@@ -8,7 +8,14 @@ type: API method
 
 # Add selected repository to an organization secret
 
-Adds a repository to an organization secret when the `visibility` for repository access is set to `selected`. The visibility is set when you [Create or update an organization secret](https://docs.github.com/rest/reference/actions#create-or-update-an-organization-secret). You must authenticate using an access token with the `admin:org` scope to use this endpoint. GitHub Apps must have the `secrets` organization permission to use this endpoint.
+Adds a repository to an organization secret when the `visibility` for
+repository access is set to `selected`. The visibility is set when you [Create or
+update an organization secret](https://docs.github.com/rest/actions/secrets#create-or-update-an-organization-secret).
+
+You must authenticate using an access token with the `admin:org` scope to use this endpoint.
+If the repository is private, you must use an access token with the `repo` scope.
+GitHub Apps must have the `secrets` organization permission to use this endpoint.
+Authenticated users must have collaborator access to a repository to create, update, or read secrets.
 
 ```js
 octokit.rest.actions.addSelectedRepoToOrgSecret({
@@ -45,4 +52,4 @@ The name of the secret.
   </tbody>
 </table>
 
-See also: [GitHub Developer Guide documentation](https://docs.github.com/rest/reference/actions#add-selected-repository-to-an-organization-secret).
+See also: [GitHub Developer Guide documentation](https://docs.github.com/rest/actions/secrets#add-selected-repository-to-an-organization-secret).
diff --git a/docs/actions/addSelectedRepoToOrgVariable.md b/docs/actions/addSelectedRepoToOrgVariable.md
@@ -8,7 +8,13 @@ type: API method
 
 # Add selected repository to an organization variable
 
-Adds a repository to an organization variable that is available to selected repositories. Organization variables that are available to selected repositories have their `visibility` field set to `selected`. You must authenticate using an access token with the `admin:org` scope to use this endpoint. GitHub Apps must have the `organization_actions_variables:write` organization permission to use this endpoint.
+Adds a repository to an organization variable that is available to selected repositories.
+Organization variables that are available to selected repositories have their `visibility` field set to `selected`.
+
+You must authenticate using an access token with the `admin:org` scope to use this endpoint.
+If the repository is private, you must use an access token with the `repo` scope.
+GitHub Apps must have the `organization_actions_variables:write` organization permission to use this endpoint.
+Authenticated users must have collaborator access to a repository to create, update, or read variables.
 
 ```js
 octokit.rest.actions.addSelectedRepoToOrgVariable({

diff --git a/docs/actions/addSelectedRepoToRequiredWorkflow.md b/docs/actions/addSelectedRepoToRequiredWorkflow.md
diff --git a/docs/actions/approveWorkflowRun.md b/docs/actions/approveWorkflowRun.md
@@ -49,4 +49,4 @@ The unique identifier of the workflow run.
   </tbody>
 </table>
 
-See also: [GitHub Developer Guide documentation](https://docs.github.com/rest/reference/actions#approve-a-workflow-run-for-a-fork-pull-request).
+See also: [GitHub Developer Guide documentation](https://docs.github.com/rest/actions/workflow-runs#approve-a-workflow-run-for-a-fork-pull-request).
diff --git a/docs/actions/cancelWorkflowRun.md b/docs/actions/cancelWorkflowRun.md
@@ -8,7 +8,11 @@ type: API method
 
 # Cancel a workflow run
 
-Cancels a workflow run using its `id`. You must authenticate using an access token with the `repo` scope to use this endpoint. GitHub Apps must have the `actions:write` permission to use this endpoint.
+Cancels a workflow run using its `id`.
+
+You must authenticate using an access token with the `repo` scope to use this endpoint.
+If the repository is private, you must use an access token with the `repo` scope.
+GitHub Apps must have the `actions:write` permission to use this endpoint.
 
 ```js
 octokit.rest.actions.cancelWorkflowRun({
@@ -47,4 +51,4 @@ The unique identifier of the workflow run.
   </tbody>
 </table>
 
-See also: [GitHub Developer Guide documentation](https://docs.github.com/rest/reference/actions#cancel-a-workflow-run).
+See also: [GitHub Developer Guide documentation](https://docs.github.com/rest/actions/workflow-runs#cancel-a-workflow-run).
diff --git a/docs/actions/createEnvironmentVariable.md b/docs/actions/createEnvironmentVariable.md
@@ -9,8 +9,11 @@ type: API method
 # Create an environment variable
 
 Create an environment variable that you can reference in a GitHub Actions workflow.
+
 You must authenticate using an access token with the `repo` scope to use this endpoint.
+If the repository is private, you must use an access token with the `repo` scope.
 GitHub Apps must have the `environment:write` repository permission to use this endpoint.
+Authenticated users must have collaborator access to a repository to create, update, or read variables.
 
 ```js
 octokit.rest.actions.createEnvironmentVariable({

diff --git a/docs/actions/createOrUpdateEnvironmentSecret.md b/docs/actions/createOrUpdateEnvironmentSecret.md
@@ -9,81 +9,11 @@ type: API method
 # Create or update an environment secret
 
 Creates or updates an environment secret with an encrypted value. Encrypt your secret using
-[LibSodium](https://libsodium.gitbook.io/doc/bindings_for_other_languages). You must authenticate using an access
-token with the `repo` scope to use this endpoint. GitHub Apps must have the `secrets` repository permission to use
-this endpoint.
+[LibSodium](https://libsodium.gitbook.io/doc/bindings_for_other_languages). For more information, see "[Encrypting secrets for the REST API](https://docs.github.com/rest/guides/encrypting-secrets-for-the-rest-api)."
 
-**Example encrypting a secret using Node.js**
-
-Encrypt your secret using the [libsodium-wrappers](https://www.npmjs.com/package/libsodium-wrappers) library.
-
-```
-const sodium = require('libsodium-wrappers')
-const secret = 'plain-text-secret' // replace with the secret you want to encrypt
-const key = 'base64-encoded-public-key' // replace with the Base64 encoded public key
-
-//Check if libsodium is ready and then proceed.
-sodium.ready.then(() => {
-  // Convert Secret & Base64 key to Uint8Array.
-  let binkey = sodium.from_base64(key, sodium.base64_variants.ORIGINAL)
-  let binsec = sodium.from_string(secret)
-
-  //Encrypt the secret using LibSodium
-  let encBytes = sodium.crypto_box_seal(binsec, binkey)
-
-  // Convert encrypted Uint8Array to Base64
-  let output = sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL)
-
-  console.log(output)
-});
-```
-
-**Example encrypting a secret using Python**
-
-Encrypt your secret using [pynacl](https://pynacl.readthedocs.io/en/latest/public/#nacl-public-sealedbox) with Python 3.
-
-```
-from base64 import b64encode
-from nacl import encoding, public
-
-def encrypt(public_key: str, secret_value: str) -> str:
-  """Encrypt a Unicode string using the public key."""
-  public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
-  sealed_box = public.SealedBox(public_key)
-  encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
-  return b64encode(encrypted).decode("utf-8")
-```
-
-**Example encrypting a secret using C#**
-
-Encrypt your secret using the [Sodium.Core](https://www.nuget.org/packages/Sodium.Core/) package.
-
-```
-var secretValue = System.Text.Encoding.UTF8.GetBytes("mySecret");
-var publicKey = Convert.FromBase64String("2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvvcCU=");
-
-var sealedPublicKeyBox = Sodium.SealedPublicKeyBox.Create(secretValue, publicKey);
-
-Console.WriteLine(Convert.ToBase64String(sealedPublicKeyBox));
-```
-
-**Example encrypting a secret using Ruby**
-
-Encrypt your secret using the [rbnacl](https://github.com/RubyCrypto/rbnacl) gem.
-
-```ruby
-require "rbnacl"
-require "base64"
-
-key = Base64.decode64("+ZYvJDZMHUfBkJdyq5Zm9SKqeuBQ4sj+6sfjlH4CgG0=")
-public_key = RbNaCl::PublicKey.new(key)
-
-box = RbNaCl::Boxes::Sealed.from_public_key(public_key)
-encrypted_secret = box.encrypt("my_secret")
-
-# Print the base64 encoded secret
-puts Base64.strict_encode64(encrypted_secret)
-```
+You must authenticate using an access token with the `repo` scope to use this endpoint.
+GitHub Apps must have the `secrets` repository permission to use this endpoint.
+Authenticated users must have collaborator access to a repository to create, update, or read secrets.
 
 ```js
 octokit.rest.actions.createOrUpdateEnvironmentSecret({
@@ -123,7 +53,7 @@ The name of the secret.
 </td></tr>
 <tr><td>encrypted_value</td><td>yes</td><td>
 
-Value for your secret, encrypted with [LibSodium](https://libsodium.gitbook.io/doc/bindings_for_other_languages) using the public key retrieved from the [Get an environment public key](https://docs.github.com/rest/reference/actions#get-an-environment-public-key) endpoint.
+Value for your secret, encrypted with [LibSodium](https://libsodium.gitbook.io/doc/bindings_for_other_languages) using the public key retrieved from the [Get an environment public key](https://docs.github.com/rest/actions/secrets#get-an-environment-public-key) endpoint.
 
 </td></tr>
 <tr><td>key_id</td><td>yes</td><td>
@@ -134,4 +64,4 @@ ID of the key you used to encrypt the secret.
   </tbody>
 </table>
 
-See also: [GitHub Developer Guide documentation](https://docs.github.com/rest/reference/actions#create-or-update-an-environment-secret).
+See also: [GitHub Developer Guide documentation](https://docs.github.com/rest/actions/secrets#create-or-update-an-environment-secret).
diff --git a/docs/actions/createOrUpdateRepoSecret.md b/docs/actions/createOrUpdateRepoSecret.md
@@ -9,81 +9,11 @@ type: API method
 # Create or update a repository secret
 
 Creates or updates a repository secret with an encrypted value. Encrypt your secret using
-[LibSodium](https://libsodium.gitbook.io/doc/bindings_for_other_languages). You must authenticate using an access
-token with the `repo` scope to use this endpoint. GitHub Apps must have the `secrets` repository permission to use
-this endpoint.
+[LibSodium](https://libsodium.gitbook.io/doc/bindings_for_other_languages). For more information, see "[Encrypting secrets for the REST API](https://docs.github.com/rest/guides/encrypting-secrets-for-the-rest-api)."
 
-**Example encrypting a secret using Node.js**
-
-Encrypt your secret using the [libsodium-wrappers](https://www.npmjs.com/package/libsodium-wrappers) library.
-
-```
-const sodium = require('libsodium-wrappers')
-const secret = 'plain-text-secret' // replace with the secret you want to encrypt
-const key = 'base64-encoded-public-key' // replace with the Base64 encoded public key
-
-//Check if libsodium is ready and then proceed.
-sodium.ready.then(() => {
-  // Convert Secret & Base64 key to Uint8Array.
-  let binkey = sodium.from_base64(key, sodium.base64_variants.ORIGINAL)
-  let binsec = sodium.from_string(secret)
-
-  //Encrypt the secret using LibSodium
-  let encBytes = sodium.crypto_box_seal(binsec, binkey)
-
-  // Convert encrypted Uint8Array to Base64
-  let output = sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL)
-
-  console.log(output)
-});
-```
-
-**Example encrypting a secret using Python**
-
-Encrypt your secret using [pynacl](https://pynacl.readthedocs.io/en/latest/public/#nacl-public-sealedbox) with Python 3.
-
-```
-from base64 import b64encode
-from nacl import encoding, public
-
-def encrypt(public_key: str, secret_value: str) -> str:
-  """Encrypt a Unicode string using the public key."""
-  public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
-  sealed_box = public.SealedBox(public_key)
-  encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
-  return b64encode(encrypted).decode("utf-8")
-```
-
-**Example encrypting a secret using C#**
-
-Encrypt your secret using the [Sodium.Core](https://www.nuget.org/packages/Sodium.Core/) package.
-
-```
-var secretValue = System.Text.Encoding.UTF8.GetBytes("mySecret");
-var publicKey = Convert.FromBase64String("2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvvcCU=");
-
-var sealedPublicKeyBox = Sodium.SealedPublicKeyBox.Create(secretValue, publicKey);
-
-Console.WriteLine(Convert.ToBase64String(sealedPublicKeyBox));
-```
-
-**Example encrypting a secret using Ruby**
-
-Encrypt your secret using the [rbnacl](https://github.com/RubyCrypto/rbnacl) gem.
-
-```ruby
-require "rbnacl"
-require "base64"
-
-key = Base64.decode64("+ZYvJDZMHUfBkJdyq5Zm9SKqeuBQ4sj+6sfjlH4CgG0=")
-public_key = RbNaCl::PublicKey.new(key)
-
-box = RbNaCl::Boxes::Sealed.from_public_key(public_key)
-encrypted_secret = box.encrypt("my_secret")
-
-# Print the base64 encoded secret
-puts Base64.strict_encode64(encrypted_secret)
-```
+You must authenticate using an access token with the `repo` scope to use this endpoint.
+GitHub Apps must have the `secrets` repository permission to use this endpoint.
+Authenticated users must have collaborator access to a repository to create, update, or read secrets.
 
 ```js
 octokit.rest.actions.createOrUpdateRepoSecret({
@@ -121,7 +51,7 @@ The name of the secret.
 </td></tr>
 <tr><td>encrypted_value</td><td>no</td><td>
 
-Value for your secret, encrypted with [LibSodium](https://libsodium.gitbook.io/doc/bindings_for_other_languages) using the public key retrieved from the [Get a repository public key](https://docs.github.com/rest/reference/actions#get-a-repository-public-key) endpoint.
+Value for your secret, encrypted with [LibSodium](https://libsodium.gitbook.io/doc/bindings_for_other_languages) using the public key retrieved from the [Get a repository public key](https://docs.github.com/rest/actions/secrets#get-a-repository-public-key) endpoint.
 
 </td></tr>
 <tr><td>key_id</td><td>no</td><td>
@@ -132,4 +62,4 @@ ID of the key you used to encrypt the secret.
   </tbody>
 </table>
 
-See also: [GitHub Developer Guide documentation](https://docs.github.com/rest/reference/actions#create-or-update-a-repository-secret).
+See also: [GitHub Developer Guide documentation](https://docs.github.com/rest/actions/secrets#create-or-update-a-repository-secret).
diff --git a/docs/actions/createOrgVariable.md b/docs/actions/createOrgVariable.md
@@ -9,8 +9,11 @@ type: API method
 # Create an organization variable
 
 Creates an organization variable that you can reference in a GitHub Actions workflow.
+
 You must authenticate using an access token with the `admin:org` scope to use this endpoint.
+If the repository is private, you must use an access token with the `repo` scope.
 GitHub Apps must have the `organization_actions_variables:write` organization permission to use this endpoint.
+Authenticated users must have collaborator access to a repository to create, update, or read variables.
 
 ```js
 octokit.rest.actions.createOrgVariable({

diff --git a/docs/actions/createRegistrationTokenForOrg.md b/docs/actions/createRegistrationTokenForOrg.md
@@ -11,8 +11,11 @@ type: API method
 Returns a token that you can pass to the `config` script. The token expires after one hour.
 
 You must authenticate using an access token with the `admin:org` scope to use this endpoint.
+If the repository is private, you must use an access token with the `repo` scope.
+GitHub Apps must have the `administration` permission for repositories and the `organization_self_hosted_runners` permission for organizations.
+Authenticated users must have admin access to repositories or organizations, or the `manage_runners:enterprise` scope for enterprises, to use these endpoints.
 
-#### Example using registration token
+Example using registration token:
 
 Configure your self-hosted runner, replacing `TOKEN` with the registration token provided by this endpoint.
 
@@ -45,4 +48,4 @@ The organization name. The name is not case sensitive.
   </tbody>
 </table>
 
-See also: [GitHub Developer Guide documentation](https://docs.github.com/rest/reference/actions#create-a-registration-token-for-an-organization).
+See also: [GitHub Developer Guide documentation](https://docs.github.com/rest/actions/self-hosted-runners#create-a-registration-token-for-an-organization).