You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Here is an incomplete list of workflows that currently use PATs. It is not complete because I don't have all official repositories tapped. The list is relative to HOMEBREW_REPOSITORY.
Verification
brew install wget
. If they do, open an issue at https://github.com/Homebrew/homebrew-core/issues/new/choose instead.Provide a detailed description of the proposed feature
We should replace usage of PATs (e.g.
HOMEBREW_GITHUB_PUBLIC_REPO_TOKEN
) with GitHub App tokens. We can use this action to simplify its usage: https://github.com/actions/create-github-app-tokenWhat is the motivation for the feature?
GitHub App tokens are ephemeral, which limits the blast radius when they get leaked.
How will the feature be relevant to at least 90% of Homebrew users?
This will make our CI more secure, which is relevant to 100% of Homebrew users.
What alternatives to the feature have been considered?
Continuing to use PATs.
The text was updated successfully, but these errors were encountered: