Skip to content

docs(readme): GitHub PAT fine-grained works, and simplify the text #911

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
froblesmartin wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

docs(readme): GitHub PAT fine-grained works, and simplify the text #911

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 2 additions & 5 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -165,12 +165,9 @@ container to the docker group for socket permissions.

### `token`

[Generate a Personal Access Token (classic)](https://github.com/settings/tokens), with the `repo:public_repo` scope for only public repositories or the `repo` scope for public and private repositories, and add it to _Secrets_ (repository settings) as `RENOVATE_TOKEN`.
[Generate a GitHub Personal Access Token (fine-grained is recommended)](https://github.com/settings/tokens) (see the [GitHub authentication docs](https://docs.renovatebot.com/modules/platform/github/#authentication)) and add it to _Secrets_ (repository settings) as `RENOVATE_TOKEN`.
You can also create a token without a specific scope, which gives read-only access to public repositories, for testing.
This token is only used by Renovate, see the [token configuration](https://docs.renovatebot.com/self-hosted-configuration/#token), and gives it access to the repositories.
Copy link
Contributor Author

@froblesmartin froblesmartin Feb 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@viceice let me know if this line is really useful, AFAIK it doesn't really explain anything 🤷

The name of the secret can be anything as long as it matches the argument given to the `token` option.

Note that Renovate _cannot_ currently use [Fine-grained Personal Access Tokens](https://github.com/settings/tokens?type=beta) since they do not support the GitHub GraphQL API, yet.
The secret's name can be anything if it matches the argument given to the `token` option.
Copy link
Contributor

@rarkins rarkins Feb 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What does this mean?

Copy link
Contributor Author

@froblesmartin froblesmartin Feb 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That line was there before 🤷 .

My understanding of it is that, when using this GitHub Action, you can call the GitHub Secret however you want, as long as you pass it to the token input. E.g.:

      - name: Self-hosted Renovate
        uses: renovatebot/[email protected]
        with:
          docker-user: root
          token: ${{ secrets.MY_SUPER_RENOVATE_TOKEN_WITH_MY_OWN_NAME_YAY }}


Note that the [`GITHUB_TOKEN`](https://help.github.com/en/actions/configuring-and-managing-workflows/authenticating-with-the-github_token#permissions-for-the-github_token) secret can't be used for authenticating Renovate because it has too restrictive permissions.
In particular, using the `GITHUB_TOKEN` to create a new `Pull Request` from more types of Github Workflows results in `Pull Requests` that [do not trigger your `Pull Request` and `Push` CI events](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow).
Expand Down
Loading