Summary:
I’d like to use a GitHub App token instead of a Personal Access Token (PAT) when running lowlighter/metrics.
The goal is to avoid relying on a long-lived PAT and instead use the more secure, short-lived tokens generated by a GitHub App installation.
❓ Question
Is it possible to authenticate lowlighter/metrics using a GitHub App token?
If so, how should the GitHub App be configured (permissions, installation setup, etc.) to work correctly with the Metrics action?
I’m mainly trying to understand which permissions/scopes the GitHub App needs.
So far, I created a GitHub App with the following permissions:
Repository permissions
- Contents: Read-only
- Metadata: Read-only
- Packages: Read-only
- Projects: Read-only

Account permissions
- Followers: Read-only
- Gists: Read and write
- Profile: Read and write
- Starring: Read-only
- Watching: Read-only
Here you can see how I integrated it into my workflow, and here you can find the results. As you can see, several pieces of information are gone, e.g. packages or other public repos.
🧩 Context
Right now, the docs mostly describe using a Personal Access Token with repo and read:user scopes.
However, GitHub App tokens are more secure and automatically rotated, which would make setup and maintenance easier.
Would love some guidance (or examples) if this is supported - or confirmation if it isn’t currently possible.
Thanks for your work on this project!