Read GitHub Packages permission for GitHub App? #24636
-
Hello, I’m looking at the list of permissions that an App can be granted and I can’t see one which would allow my app to fetch packages from a repo. Is there a permission I can grant my app to fetch packages from repos/orgs it’s installed into? |
Beta Was this translation helpful? Give feedback.
Replies: 15 comments 15 replies
-
👋 Hello, @dgholz ! Welcome to the GitHub Community Forum––we’re glad to see you post this question here. 👍 Permissions on “packages” is not currently available for all1 GitHub Apps (see We’re always working to improve GitHub and the GitHub Support Community, and we consider every suggestion we receive. Would you mind submitting this through our official product feedback form so that our product team can track your request? It may be worth noting that you can use either of these tokens to authenticate with GitHub Packages:
We hope this helps! 1 At this time of writing, the |
Beta Was this translation helpful? Give feedback.
-
Thanks, that’s helpful. I used an Action and its token to fetch packages from my org, but I see today that it’s failing to see private packages (published on other repos in our org). Last week it was working fine, was the scope of the token’s access to GitHub Packages changed recently? |
Beta Was this translation helpful? Give feedback.
-
Would love to actually see GitHub Applications have permissions to Read/Write to packages. We are currently trying to leverage the Additionally in the workflow we did set the package permission to write and it was still unable to download the package. |
Beta Was this translation helpful? Give feedback.
-
Github Support confirmed that it is still not possible to authenticate with a GitHub App token on the GitHub Package Registry:
|
Beta Was this translation helpful? Give feedback.
-
We are having this issue as well. We want to use a git hub app generated token to download packages from our private repositories and it is not working. |
Beta Was this translation helpful? Give feedback.
-
Also having this issue, would love a resolution - anything in the pipeline to fix this?? |
Beta Was this translation helpful? Give feedback.
-
this is an example of usage: https://github.com/orgs/community/discussions/78090 need permissions to access org packages. |
Beta Was this translation helpful? Give feedback.
-
This is also presenting a problem for me as well. It seems odd that the app token can be used to pull down release binaries but can't pull down packages. |
Beta Was this translation helpful? Give feedback.
-
Same problem here, spoke with enterprise support today and seems odd that one should use a personal access token instead of an app. Suggestion for support was that this is till the only option available with the added burden that a PAT can only be usable with a seat and you pay for a seat! Plus: for GitHub Apps, the rate limit is 15,000 requests per hour. However, if you're using a PAT, the rate limit is 5,000 requests per hour. I would love to see Github to action a resolution for such a significant limitation in its roadmap. |
Beta Was this translation helpful? Give feedback.
-
Hi, same problems here. Generated tokens from Github App can't pull from $ gh token generate --key private-key.pem --app-id <redacted>
{
"token": "ghs_<redacted>",
"expires_at": "2024-06-11T15:50:57Z",
"permissions": {
"actions": "write",
"contents": "write",
"metadata": "read",
"packages": "write",
"workflows": "write"
}
} In the logs we can see that. docker: Error response from daemon: denied. But it might be due to the |
Beta Was this translation helpful? Give feedback.
-
Who is really using GitHub packages ? With the lack of correct permission management, it's just not acceptable to use in any enterprise with a minimum security level required by the business/clients. It's just for public packages for now. |
Beta Was this translation helpful? Give feedback.
-
I think this is on purpose, to keep people using Github workflow to build
Github repo.
…On Mon, Jul 1, 2024 at 10:15 AM Ben ***@***.***> wrote:
This discussion demonstrates you can't automate much atop github package
registry, as it remains manual.
For internal tooling, many might want to have it all managed at the same
place
—
Reply to this email directly, view it on GitHub
<#24636 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHMU2QFLYOOGGBG2IZRMQN3ZKFQBVAVCNFSM6AAAAAAZDU3KDOVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4TSMRWGE4TS>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
+1 Really silly that my GitHub app can do everything it needs to using its own access token, except read packages! |
Beta Was this translation helpful? Give feedback.
-
Saw this Could it be that this is now "half way" implemented? |
Beta Was this translation helpful? Give feedback.
-
What are the current options for organizations with multiple private repository packages:
|
Beta Was this translation helpful? Give feedback.
👋 Hello, @dgholz ! Welcome to the GitHub Community Forum––we’re glad to see you post this question here. 👍
Permissions on “packages” is not currently available for all1 GitHub Apps (see
GitHub Apps Permissions
for more details).We’re always working to improve GitHub and the GitHub Support Community, and we consider every suggestion we receive. Would you mind submitting this through our official product feedback form so that our product team can track your request?
It may be worth noting that you can use either of these tokens to authenticate with GitHub Packages:
read:packages
scope.GITHUB_TOKEN
that GitHub automatically creates for your repository…