Announcing changes to permissions for packages.
We are restricting the refs REST API endpoint from accepting POSTs from users and apps that only have the permission to read and write packages. Previously, this endpoint accepted updates to both tags and branches.
If that ability is critical to your development flows you will now be required to add explicit contents permissions to create refs.
- Users will need to add the
public_reposcope to their PAT token.
Image may be NSFW.
Clik here to view.
- Apps will need to use the
read and writecontents permission.
Image may be NSFW.
Clik here to view.
- GitHub Actions customers will need to add
contents:writeto their workflow YAML.permissions: contents: write
A small cohort of customers relying on this flow have been notified of these changes and will have additional time to remediate.
We appreciate your feedback in GitHub's public feedback discussions.
The post Changes to token permission on packages appeared first on The GitHub Blog.
