I'm building a CLI which triggers an Action (using workflow_dispatch) in my repository. I'm using the GitHub API to perform this task. Taken from the docs:

You must authenticate using an access token with the repo scope to use this endpoint.

I've generated a PAT with repo scope to authenticate myself. I want users to run this CLI. Is it safe to share this PAT (which has repo as the only scope)?

P.S. I know it is ironical to ask if a "Personal" access token can be "shared". But I don't see any problem it can cause with its limited scope.

Adarsh TS

1 Answer

I don't think it is a good idea. Repo scope is not limited to only one repo.

If you want to trigger actions by external users, your best bet would probably be to create a workflow running on PR or Issue events.

  • Allow your users to create issues
  • Monitor keywords or labels on the issue
  • Trigger your action.
Dharman
Romain Prévost
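A sketch of the issue-driven trigger described in the answer above, added here as an example and not taken from the original post. The file name, the label name `run-requested` and the placeholder task are assumptions. Gating on a label rather than a keyword means only users with triage access or higher can start the run, and no PAT leaves the repository.

```yaml
# .github/workflows/run-on-request.yml  (hypothetical file name)
name: Run on labelled issue

on:
  issues:
    types: [labeled]

# Restrict the job's built-in GITHUB_TOKEN to what the steps below need.
permissions:
  contents: read
  issues: write

jobs:
  run-request:
    # 'run-requested' is an assumed label name. Anyone may open an issue,
    # but applying a label requires triage access or higher on the repo.
    if: github.event.label.name == 'run-requested'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Handle the request
        env:
          # Issue fields are untrusted text written by the requester.
          # Pass them through env vars; do not interpolate them with
          # ${{ }} directly inside the run script.
          ISSUE_NUMBER: ${{ github.event.issue.number }}
          ISSUE_TITLE: ${{ github.event.issue.title }}
        run: |
          printf 'Request #%s: %s\n' "$ISSUE_NUMBER" "$ISSUE_TITLE"
          # Placeholder: the task the CLI would have dispatched goes here.

      - name: Report back on the issue
        env:
          GH_TOKEN: ${{ github.token }}
          ISSUE_NUMBER: ${{ github.event.issue.number }}
        run: |
          gh issue comment "$ISSUE_NUMBER" \
            --repo "$GITHUB_REPOSITORY" \
            --body "Run finished: $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID"
```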