Commit 30c52dd

doc: document how to apply a token with github-nodejs-bot
1 parent f13df50 commit 30c52dd

1 file changed

+42
-0
lines changed

APPLY_ACCESS_TOKEN.md

@@ -0,0 +1,42 @@
1+
# Apply for a nodejs-github-bot token
2+
3+
Automation in the `nodejs` GitHub Organization may require access tokens to
4+
access permission scoped endpoints. In the case of such requirement, the access
5+
token can be requested to be created under the name of [`@nodejs-github-bot`][].
6+
7+
Creating classic tokens for [`@nodejs-github-bot`][] is not permitted, only
8+
fine-grained tokens are allowed.
9+
10+
To create a fine-grained access token for [`@nodejs-github-bot`][], follow the
11+
steps as:
12+
13+
1. Submit a PR to add the requested repo in the registry below, and describe
14+
expected permission scopes.
15+
1. A TSC member or a build WG member (who has access to the [`@nodejs-github-bot`][]
16+
account) needs to take following action:
17+
1. Create the fine-grained token at https://github.com/settings/personal-access-tokens/new
18+
in the account [`@nodejs-github-bot`][], with "Resource owner" to be
19+
`nodejs`, "Only select repositories" to be the requested repository,
20+
and requested permission scopes only.
21+
1. Save the token as a repository secret at `https://github.com/<org>/<repo>/settings/secrets/actions`,
22+
do not reveal the token to the anyone in plaintext.
23+
1. Land the PR.
24+
25+
Fine-grained tokens created with access to https://github.com/nodejs resources will
26+
be audited at https://github.com/organizations/nodejs/settings/personal-access-tokens/active.
27+
28+
## Registry
29+
30+
The "repo" is a string of the GitHub `<owner>/<repo>`. Generally, the token should
31+
only be created for repo in the https://github.com/nodejs organization.
32+
33+
The "Secret name" is a string that the token can be referenced in the GitHub Action
34+
scripts. Like a token name of `RELEASE_PLEASE_TOKEN` can be accessed from the script
35+
as `${{ secrets.RELEASE_PLEASE_TOKEN }}`.
36+
37+
Repo | Secret name
38+
--- | ---
39+
nodejs/import-in-the-middle | RELEASE_PLEASE_GITHUB_TOKEN
40+
41+
42+
[`@nodejs-github-bot`]: https://github.com/nodejs-github-bot
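
Review bot: The registry table at the end of the file records only `Repo | Secret name`, although step 1 asks the requester to "describe expected permission scopes" and the tokens are later audited at the organization's personal-access-tokens page; with the granted scopes left out of the registry, nothing in the repository can be compared against that audit view. Consider adding a column for the permission scopes, and stating in the token-creation step which expiration to set and who rotates or revokes the token, since neither is mentioned. Two smaller points: "do not reveal the token to the anyone in plaintext" has a stray "the", and the example secret name `RELEASE_PLEASE_TOKEN` differs from the registered `RELEASE_PLEASE_GITHUB_TOKEN`, which may mislead readers copying the `secrets` reference.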
