-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document how to clone with a PAT as a read-only action #779
Comments
FYI: the documentation simply states: |
it looks like it requires to give the full "repo" scope, and not just repo:status, repo_deployment, public_repo, repo:invite, security_events ? |
Hello, I'm facing the exact same issue. I want to give the least permission (Read only on public and private repository) for an action using a PAT. Thanks |
After searching a bit I found that a basic minimal setup would be to use the same set of (restricted) permissions as the It means we can create a "fine-grained personal access token" with the |
@mifi , is that I'm seeing the same problem with fine grained PATs and When I use a FG PAT with Why do we need write access to do a read operation? |
correct. that's what worked for me. I only do a checkout though, nothing else fancy |
I even tried with full read + write for every permission and I still get that error. Are you by chance specifying a specific |
Clarification: I'm using this for a submodule which is a private repo. $ git submodule
COMMIT_HASH_REDACTED assets (heads/main) Here's my workflow:
|
I was able to get around this problem with classic tokens with "repo" permission. Unsure what's wrong with Fine-grained, but they are technically "Beta". |
+1 on @NorseGaud 's situation. I cannot get a checkout of a private repo as a submodule using FG PATs. Works fine with classic PATs and "Repo" permission. I wonder if this could have to do with the additional Organization settings recently added to allow/block/require approval for FG PATs in organizations? I set FG PATs to be allowed in my org, but I still get these "remote: Write access to repository not granted. " errors when trying to do read operations with this action. |
Same issue as @NorseGaud and @twistedpair have. Not able to get a checkout of private organization's repo despite having permission in FG PAT. |
https://stackoverflow.com/questions/42148841/github-clone-with-oauth-access-token/66156992#66156992 Apparently you need to set the username to |
Today I've created and configured a fine grained PAT on a GitHub organization level successfully. The only required permissions are read access to code and metadata. This issue seems to be resolved. Setting the token value as
|
So just leaving this here. I had the same issue when trying to checkout a private org repo in my workflow. I was using the latest I then found out that at the org level settings I had to enable FG permissions cause by default FG tokens do not have access to org repos. This way I was able to create an FG for that organization under the resources with just content and metadata read-only permissions This is the comment that helped me get there https://github.com/orgs/community/discussions/40910#discussioncomment-4454056 |
I came here because I have an org with two repos: If you have this problem in 2024, here's what worked for me:
|
+1 On this. It was really hard to find out how to do it. Docs really merit to be updated. |
|
I'm struggling to understand how I could simply clone repositories in an action, without using deploy keys because they have to be added in each repository to work.
PAT permissions are really not user-friendly, and I'd just like to have a simple read:repository permission to have the right to clone a repository's code.
I'm hitting the bug for cloning with a
token
defined:remote: Write access to repository not granted.
but I don't care about write access to that repository, with my PAT.Is this something possible with a PAT that can only clone and not push ?
The text was updated successfully, but these errors were encountered: