Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Private Packages and run with Actions: Use GITHUB_TOKEN with packages read scope #11146

Open
1 task done
hfhbd opened this issue Dec 17, 2024 · 0 comments
Open
1 task done

Private Packages and run with Actions: Use GITHUB_TOKEN with packages read scope #11146

hfhbd opened this issue Dec 17, 2024 · 0 comments
Labels
L: java:maven Maven packages via Maven T: feature-request Requests for new features

Comments

@hfhbd
Copy link
Contributor

hfhbd commented Dec 17, 2024
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Feature description

To support private GitHub Packages registries (like maven), you need to create a PAT and store it in Dependabot secrets. But Dependabot already uses GitHub Actions containing the GITHUB_TOKEN. So, instead of using a PAT, it should be possible to use the GITHUB_TOKEN with packages read scope.

Use-case:
We want to get rid of long-living PATs created by users and use rotating/short living tokens provided by GitHub.
@hfhbd hfhbd added the T: feature-request Requests for new features label Dec 17, 2024
@github-actions github-actions bot added the L: java:maven Maven packages via Maven label Dec 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
L: java:maven Maven packages via Maven T: feature-request Requests for new features
Projects
Dependabot
Status: No status
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hfhbd