Skip to content

docs(readme): GitHub PAT fine-grained works, and simplify the text #911

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

docs(readme): GitHub PAT fine-grained works, and simplify the text #911

wants to merge 1 commit into from

Conversation

@froblesmartin
Copy link
Contributor

@froblesmartin froblesmartin commented Feb 23, 2025

Fixes #898

froblesmartin
froblesmartin commented Feb 23, 2025
View reviewed changes
README.md
[Generate a Personal Access Token (classic)](https://github.com/settings/tokens), with the `repo:public_repo` scope for only public repositories or the `repo` scope for public and private repositories, and add it to _Secrets_ (repository settings) as `RENOVATE_TOKEN`.
[Generate a GitHub Personal Access Token (fine-grained is recommended)](https://github.com/settings/tokens) (see the [GitHub authentication docs](https://docs.renovatebot.com/modules/platform/github/#authentication)) and add it to _Secrets_ (repository settings) as `RENOVATE_TOKEN`.
You can also create a token without a specific scope, which gives read-only access to public repositories, for testing.
This token is only used by Renovate, see the [token configuration](https://docs.renovatebot.com/self-hosted-configuration/#token), and gives it access to the repositories.
Copy link
Contributor Author

@froblesmartin froblesmartin Feb 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@viceice let me know if this line is really useful, AFAIK it doesn't really explain anything 🤷

rarkins
rarkins suggested changes Feb 23, 2025
View reviewed changes
README.md
The name of the secret can be anything as long as it matches the argument given to the `token` option.

Note that Renovate _cannot_ currently use [Fine-grained Personal Access Tokens](https://github.com/settings/tokens?type=beta) since they do not support the GitHub GraphQL API, yet.
The secret's name can be anything if it matches the argument given to the `token` option.
Copy link
Contributor

@rarkins rarkins Feb 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What does this mean?

Copy link
Contributor Author

@froblesmartin froblesmartin Feb 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That line was there before 🤷 .

My understanding of it is that, when using this GitHub Action, you can call the GitHub Secret however you want, as long as you pass it to the token input. E.g.:

      - name: Self-hosted Renovate
        uses: renovatebot/[email protected]
        with:
          docker-user: root
          token: ${{ secrets.MY_SUPER_RENOVATE_TOKEN_WITH_MY_OWN_NAME_YAY }}

@froblesmartin froblesmartin requested a review from rarkins July 24, 2025 08:41
viceice
viceice requested changes Sep 3, 2025
View reviewed changes
Copy link
Member

@viceice viceice left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fine grained pat doesn't has access to checks API, so it's pretty useless to renovate

@froblesmartin
Copy link
Contributor Author

froblesmartin commented Sep 3, 2025

fine grained pat doesn't has access to checks API, so it's pretty useless to renovate

Why is that required always? Using it to open PRs with the updates, at least without auto-merge, it does not need to use the Checks API AFAIK 🤔

@viceice
Copy link
Member

viceice commented Sep 11, 2025

fine grained pat doesn't has access to checks API, so it's pretty useless to renovate

Why is that required always? Using it to open PRs with the updates, at least without auto-merge, it does not need to use the Checks API AFAIK 🤔

Then please add a note, that automerge isn't possible with those PAT's. Otherwise users would expect those PAT's are a full drop-in replacement

@viceice viceice removed the request for review from rarkins September 11, 2025 21:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@viceice viceice viceice requested changes

+1 more reviewer

@rarkins rarkins rarkins requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Docs: fine grained PAT's are now supported

3 participants

@froblesmartin @viceice @rarkins