docs(app-connections): explicitly state fine-grained PAT requirement for GitHub connection#6891
Conversation
…tion - Add a note at the top of the PAT tab clarifying that a fine-grained token is required and classic tokens are not supported - Update headings and instructions to say 'Fine-Grained' explicitly - Rename 'Select scopes' to 'Permissions > Repository permissions' to match the actual GitHub UI for fine-grained tokens - Add a warning that private repo access requires the token owner to have admin access on the repository Co-Authored-By: jake <jake@infisical.com>
🤖 Devin AI EngineerI'll be helping with this pull request! Here's what you should know: ✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository. ⚙️ Control Options:
|
|
Preview deployment for your docs. Learn more about Mintlify Previews.
💡 Tip: Enable Workflows to automatically generate PRs for you. |
|
| Filename | Overview |
|---|---|
| docs/integrations/app-connections/github.mdx | Documentation improvements to the PAT tab: adds a Note about fine-grained token requirement, updates headings and instructions to say "Fine-Grained", renames "Select scopes" to match the actual GitHub UI, and adds a Warning about admin access for private repos. |
Reviews (1): Last reviewed commit: "docs: explicitly state fine-grained PAT ..." | Re-trigger Greptile
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b1808d6d2a
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| - **Permissions:** Under **Repository permissions**, add the following: | ||
| - **Metadata**: Read-only | ||
| - **Environments**: Read and write | ||
| - **Secrets**: Read and write |
There was a problem hiding this comment.
When a PAT connection is used with GitHub Sync's Organization scope, this list only tells users to grant repository permissions, but the backend lists and writes org secrets through /orgs/{org}/actions/secrets (see GithubSyncFns in backend/src/services/secret-sync/github/github-sync-fns.ts). Fine-grained PATs need the organization-level Secrets permission for those endpoints, so tokens created from this guide can validate and list repos but fail during organization-level sync; please add the org Secrets permission/resource-owner instructions or mark the PAT guide as repository-scope only.
Useful? React with 👍 / 👎.
1 participant
Context
Community users reported confusion when setting up GitHub Sync via the PAT method — the requirement for a fine-grained Personal Access Token (as opposed to a classic token) was only apparent from the screenshots and not stated in the text. Additionally, users with private repos discovered the token owner needs admin access on the repository for it to appear in the sync destination list.
This PR updates the GitHub Connection docs (PAT tab) to:
Steps to verify the change
Type
Checklist
type(scope): short description(scope is optional, e.g.,fix: prevent crash on syncorfix(api): handle null response).Link to Devin session: https://app.devin.ai/sessions/d2951e412f754c25b6b56af91d89275e