[
https://issues.apache.org/jira/browse/YETUS-1011?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Allen Wittenauer updated YETUS-1011:
------------------------------------
Description:
GitHub's token scopes have all sorts of problems. Most people are better off
using a custom PAT (despite all the security issues...), but that won't help us
under GitHub Actions where the scopes change between forked and non-forked.
Worse, there doesn't appear to be a single API that can be used to determine
what is possible.
So rather than throw errors, do all the painful work to figure a) what kind of
token was passed and b) what functionality can be enabled.
Note: I've got a support ticket in with GitHub on this one.
was:
GitHub's token scopes have all sorts of problems. Most people are better off
using a custom PAT, but that won't help us under GitHub Actions where the
scopes change between forked and non-forked. Worse, there doesn't appear to be
a single API that can be used to determine what is possible.
So rather than throw errors, do all the painful work to figure a) what kind of
token was passed and b) what functionality can be enabled.
Note: I've got a support ticket in with GitHub on this one.
> Workaround GitHub's token scopes
> ---------------------------------
>
> Key: YETUS-1011
> URL: https://issues.apache.org/jira/browse/YETUS-1011
> Project: Yetus
> Issue Type: Improvement
> Components: Precommit
> Reporter: Allen Wittenauer
> Assignee: Allen Wittenauer
> Priority: Major
> Fix For: 0.13.0
>
>
> GitHub's token scopes have all sorts of problems. Most people are better off
> using a custom PAT (despite all the security issues...), but that won't help
> us under GitHub Actions where the scopes change between forked and
> non-forked. Worse, there doesn't appear to be a single API that can be used
> to determine what is possible.
> So rather than throw errors, do all the painful work to figure a) what kind
> of token was passed and b) what functionality can be enabled.
> Note: I've got a support ticket in with GitHub on this one.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
