Conversation
| @@ -45,6 +45,7 @@ permission scope changes. The PR should describe the permission scopes requested | |||
| Repo | Secret name | Expiration date | Pull Request | | |||
| --- | --- | --- | --- | | |||
| [`nodejs/import-in-the-middle`][] | `RELEASE_PLEASE_GITHUB_TOKEN` | 2025-07-23 | <https://github.com/nodejs/admin/pull/902> | | |||
There was a problem hiding this comment.
fwiw I renamed this secret to RELEASE_PLEASE_GITHUB_TOKEN - iitm (in the bot's settings, not in the repo) to make it recognizable. I didn't know about this registry.
There was a problem hiding this comment.
It would be worth documenting what string to use on the bot's settings side (e.g. <name of the repo>: <Secret name>)
There was a problem hiding this comment.
yeah, there are others like https://github.com/nodejs/remark-preset-lint-node that probably need a similar token, but probably shouldn't be the same one I guess this is just the repo Secret Name, so maybe there isn't a collision
|
By the way I think simply reusing the GITHUB_TOKEN can solve most permission issues? The permission of that token is defined directly in the workflow files, see https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#permissions so there won't be a need to request for a new token if it's used. |
|
@joyeecheung using the |
|
Oh I see it's specific to release-please https://github.com/googleapis/release-please-action?tab=readme-ov-file#github-credentials |
|
Hello everyone, thank you for your support! |
6 participants
The requested token should have the following permissions:
https://github.com/googleapis/release-please-action?tab=readme-ov-file#workflow-permissions
Fixes: #914