Skip to content

chore: update README #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Mar 21, 2025
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 59 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -38,9 +38,67 @@ jobs:

Thanks for your first contribution, @{{username}}. We're glad you're here.
secrets:
token: ${{ secrets.GITHUB_TOKEN }}
token: ${{ secrets.GH_PAT }}
```

## How to Create a Personal Access Token (PAT)

Creating a Personal Access Token (PAT) for GitHub is a straightforward process:

1. **Log in to your GitHub account**
2. **Go to your Settings**:
- Click on your profile photo in the top-right corner
- Select "Settings" from the dropdown menu
3. **Navigate to Developer settings**:
- Scroll down to the bottom of the sidebar
- Click on "Developer settings"
4. **Select Personal access tokens**:
- Click on "Personal access tokens"
- Choose "Fine-grained tokens" or "Tokens (classic)" depending on your needs

### Required Permissions for Fine-grained Tokens

When creating a fine-grained personal access token, you'll need to configure the following permissions:

**Repository permissions:**
- **Contents**: Read (to access repository content)
- **Pull requests**: Read and Write (to read PR details and add comments)
- **Issues**: Read and Write (for commenting, as GitHub treats PR comments as issue comments)
- **Metadata**: Read (required for most API operations)

**Organization permissions:**
- **Members**: Read (to check if the PR author is an organization member)

5. **Generate a new token**:
- Click "Generate new token"
6. **Configure token settings**:
- Add a descriptive note to remember what this token is for (e.g., "Auto Comments Workflow")
- Set an expiration date (consider security implications)
- Select the repositories that will use this token
- Select the permissions listed above
7. **Generate the token**:
- Click "Generate token" at the bottom
8. **Copy your token**:
- **IMPORTANT**: Copy the token immediately as you won't be able to see it again

After generating the token, you need to add it as a repository secret:

### Adding Repository Secrets

1. Go to your repository
2. Click on "Settings"
3. In the left sidebar, click on "Secrets and variables" → "Actions"
4. Click "New repository secret"
5. Name the secret `GH_PAT` (to match the example-usage.yml)
- **Note**: Secret names must NOT start with `GITHUB_` as this prefix is reserved by GitHub
6. Paste your token value
7. Click "Add secret"

### References
For more detailed information about GitHub tokens and permissions, refer to the [GitHub documentation on fine-grained personal access tokens](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-fine-grained-personal-access-token).

For more information about using secrets in GitHub Actions, see [GitHub's documentation on using secrets in GitHub Actions](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions).

## Workflow Updates and Versioning

This workflow uses a reference to the branch (`@main`) rather than a specific version tag. This means:
Expand Down