Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Gitlab Integration - Personal Access Token permission requirements #3190

Open
Rohaq opened this issue May 20, 2024 · 5 comments
Open

Gitlab Integration - Personal Access Token permission requirements #3190

Rohaq opened this issue May 20, 2024 · 5 comments
Labels
good first issue help wanted

Comments

@Rohaq
Copy link

Rohaq commented May 20, 2024

As referenced in this thread: #2714 (reply in thread)

There's currently no documentation or guidance in the UI for what the minimum Access Token permissions required are for the Gitlab integration.

It's good security practice to restrict permissions on these access tokens, even for local applications, in order to mitigate any damage that could be done if they were ever leaked.

Could these permissions be determined, and added to documentation? I'd also suggest displaying these in the config UI in a future release.

Screenshot of available permissions on Gitlab.com:
image
@github-actions GitHub Actions
Copy link

Thank you very much for opening up this issue! I am currently a bit overwhelmed by the many requests that arrive each week, so please forgive me, if I fail to respond personally. I am still very likely to at least skim read your request and I'll probably try to fix all (real) bugs if possible and I will likely review every single PR being made (please, give me a heads up if you intent to do so) and I will try to work on popular requests (please upvote via thumbs up on the original issue) whenever possible, but trying to respond to every single issue over the last years has been kind of draining and I need to adjust my approach for this project to remain fun for me and to make any progress with actually coding new stuff. Thanks for your understanding!

@github-actions GitHub Actions
Copy link

Hello there Rohaq! 👋

Thank you and congratulations 🎉 for opening your very first issue in this project! 💖

In case you want to claim this issue, please comment down below! We will try to get back to you as soon as we can. 👀

For more open ended discussions and/or specific questions, please visit the discussions page. 💖

@Rohaq
Copy link
Author

Rohaq commented May 20, 2024

Link to the Gitlab Documentation on Access Token permissions:
https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#personal-access-token-scopes

@Rohaq
Copy link
Author

Rohaq commented May 20, 2024

Gitlab also offers project level access tokens too. It's probably worth also including the project roles that the token might need too.

image

image

@johannesjo
Copy link
Owner

Makes sense to provide some documentation about this somewhere. Best place is probably somewhere here on github, so updates are easily accessible to everyone. Maybe docs/github-access-token-instructions.md is a good place.

Help with putting these together would be much appreciated! Any volunteers? :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Rohaq @johannesjo