What is a GitHub token

How to use a token for GitHub Actions with private repositories

In this guide I will show how to use the API that GitHub offers through its token to set up an Action for continuous deployment of private repositories.

Creating the token

Open your account settings.

Select the Developer settings menu item.

Click the Personal access tokens option.

Click the generate new token button, then copy the token and save it for later use.

Creating the secrets

Open the project's settings and go to the Secrets section. In my case, I already have the following secrets:

Repository URL via the API

To pull the latest changes from the private repository, we will use the GitHub API together with the token we generated and configured earlier. It looks like this:

git pull https://$>:x-oauth-basic@github.com/susomejias/portfolio.git master

Example: deploying to a VPS

  • In our project we create a folder named .github, and inside it a folder named workflows will hold the files for our Actions.
  • In this example we create a file named ci.yml, which contains the functionality of our Action.
  • In my case, here is an example of the Action I use to deploy my portfolio:

name: CI
on: [push]
jobs:
  deploy:
    if: github.ref == 'refs/heads/master'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - name: Push to server
        uses: appleboy/ssh-action@master
        with:
          host: $>
          username: $>
          password: $>
          script: cd $> && git pull https://$>:x-oauth-basic@github.com/susomejias/portfolio.git master && npm install && ng build --prod && cp htaccess dist/portfolio/
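
The `git pull` in the workflow above carries the token inside the URL, so on the VPS it is part of the command's arguments, which other local users can read from the process list. The following is an added example, not code from the original tutorial, that hands the token to git through `GIT_ASKPASS` instead; `GH_USER`, `GH_TOKEN` and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: give git the token through GIT_ASKPASS, not through the URL.
# GH_USER and GH_TOKEN are assumed variable names; they are not from the page.

# write_askpass DIR: create DIR/askpass.sh and print its path.
write_askpass() {
    helper="$1/askpass.sh"
    # Quoted heredoc: nothing expands here, so no secret is written to disk.
    cat > "$helper" <<'EOF'
#!/bin/sh
# git passes the prompt as $1, e.g. "Password for 'https://github.com': "
case "$1" in
    Username*) printf '%s\n' "$GH_USER" ;;
    Password*) printf '%s\n' "$GH_TOKEN" ;;
    *) exit 1 ;;
esac
EOF
    chmod 700 "$helper"
    printf '%s\n' "$helper"
}

# pull_private URL BRANCH: pull with credentials answered by the helper.
pull_private() {
    [ -n "${GH_TOKEN:-}" ] || { echo "GH_TOKEN is not set" >&2; return 2; }
    case "$1" in
        *://*@*) echo "refusing URL with embedded credentials" >&2; return 3 ;;
    esac
    tmp=$(mktemp -d) || return 1
    helper=$(write_askpass "$tmp")
    # Prefix assignments reach git's environment only; the argument list,
    # which other local users can see in ps output, holds no secret.
    GH_USER="${GH_USER:-}" GH_TOKEN="$GH_TOKEN" \
    GIT_ASKPASS="$helper" GIT_TERMINAL_PROMPT=0 git pull "$1" "$2"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

In the deployment script this replaces the URL-with-token form with a call such as `pull_private https://github.com/susomejias/portfolio.git master`, with the token supplied in the environment.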

Checking that it works

Push a commit to test the new Action:

What is a token on GitHub?

What is a token on GitHub? What is it for? For example, why create a token when using Gist and syncing Sublime Text 3 with GitHub Gist?

  • Asked more than three years ago

Muriam @Muriam Question author

If, when generating the token, I tick the boxes next to repo and gist, what am I confirming by that? Is it paid? I want to connect Sublime Text 3 and GitHub.

Accepted answers: 1
php, js (es6), golang, symfony, react

A token guarantees that you are you. With it, you do not need to enter your GitHub password anywhere else. Read more about OAuth 2.0.

Answered more than three years ago
2 comments
Muriam @Muriam Question author

If, when creating the token, I tick the repo and gist boxes, what am I confirming by that? Is it paid?

Muriam @Muriam Question author
@ukko
It looks like the answer to the question is here:
https://habr.com/ru/company/mailru/blog/115163/

Managing your personal access tokens

You can use a personal access token in place of a password when authenticating to GitHub in the command line or with the API.

Warning: Treat your access tokens like passwords. For more information, see «Keeping your personal access tokens secure.»

About personal access tokens

Personal access tokens are an alternative to using passwords for authentication to GitHub Enterprise Server when using the GitHub API or the command line.

Personal access tokens are intended to access GitHub resources on behalf of yourself. To access resources on behalf of an organization, or for long-lived integrations, you should use a GitHub App. For more information, see «About creating GitHub Apps.»

Creating a personal access token

  1. In the upper-right corner of any page, click your profile photo, then click Settings.

Deleting a personal access token

  1. In the upper-right corner of any page, click your profile photo, then click Settings.

Using a personal access token on the command line

Once you have a personal access token, you can enter it instead of your password when performing Git operations over HTTPS.

For example, to clone a repository on the command line you would enter the following git clone command. You would then be prompted to enter your username and password. When prompted for your password, enter your personal access token instead of a password.

$ git clone https://HOSTNAME/USERNAME/REPO.git
Username: YOUR_USERNAME
Password: YOUR_PERSONAL_ACCESS_TOKEN

Personal access tokens can only be used for HTTPS Git operations. If your repository uses an SSH remote URL, you will need to switch the remote from SSH to HTTPS.

If you are not prompted for your username and password, your credentials may be cached on your computer. You can update your credentials in the Keychain to replace your old password with the token.

Instead of manually entering your personal access token for every HTTPS Git operation, you can cache your personal access token with a Git client. Git will temporarily store your credentials in memory until an expiry interval has passed. You can also store the token in a plain text file that Git can read before every request. For more information, see «Caching your GitHub credentials in Git.»

Further reading

  • «About authentication to GitHub»
  • «Token expiration and revocation»

Managing your personal access tokens

You can use a personal access token in place of a password when authenticating to GitHub in the command line or with the API.

Warning: Treat your access tokens like passwords. For more information, see «Keeping your personal access tokens secure.»

About personal access tokens

Personal access tokens are an alternative to using passwords for authentication to GitHub when using the GitHub API or the command line.

Personal access tokens are intended to access GitHub resources on behalf of yourself. To access resources on behalf of an organization, or for long-lived integrations, you should use a GitHub App. For more information, see «About creating GitHub Apps.»

Types of personal access tokens

GitHub currently supports two types of personal access tokens: fine-grained personal access tokens and personal access tokens (classic). GitHub recommends that you use fine-grained personal access tokens instead of personal access tokens (classic) whenever possible.

Both fine-grained personal access tokens and personal access tokens (classic) are tied to the user who generated them and will become inactive if the user loses access to the resource.

Organization owners can set a policy to restrict the access of personal access tokens (classic) to their organization. For more information, see «Setting a personal access token policy for your organization.»

Fine-grained personal access tokens

Fine-grained personal access tokens have several security advantages over personal access tokens (classic):

  • Each token can only access resources owned by a single user or organization.
  • Each token can only access specific repositories.
  • Each token is granted specific permissions, which offer more control than the scopes granted to personal access tokens (classic).
  • Each token must have an expiration date.
  • Organization owners can require approval for any fine-grained personal access tokens that can access resources in the organization.

Personal access tokens (classic)

Personal access tokens (classic) are less secure. However, some features currently will only work with personal access tokens (classic):

  • Only personal access tokens (classic) have write access for public repositories that are not owned by you or an organization that you are not a member of.
  • Outside collaborators can only use personal access tokens (classic) to access organization repositories that they are a collaborator on.
  • Some REST API operations are not available to fine-grained personal access tokens. For a list of REST API operations that are supported for fine-grained personal access tokens, see «Endpoints available for fine-grained personal access tokens».

If you choose to use a personal access token (classic), keep in mind that it will grant access to all repositories within the organizations that you have access to, as well as all personal repositories in your personal account.

As a security precaution, GitHub automatically removes personal access tokens that haven’t been used in a year. To provide additional security, we highly recommend adding an expiration to your personal access tokens.

Keeping your personal access tokens secure

Personal access tokens are like passwords, and they share the same inherent security risks. Before creating a new personal access token, consider if there is a more secure method of authentication available to you:

  • To access GitHub from the command line, you can use GitHub CLI or Git Credential Manager instead of creating a personal access token.
  • When using a personal access token in a GitHub Actions workflow, consider whether you can use the built-in GITHUB_TOKEN instead. For more information, see «Automatic token authentication.»

If these options are not possible, and you must create a personal access token, consider using another CLI service to store your token securely.

When using a personal access token in a script, you can store your token as a secret and run your script through GitHub Actions. For more information, see «Using secrets in GitHub Actions.» You can also store your token as a Codespaces secret and run your script in Codespaces. For more information, see «Managing secrets for your codespaces.»

For more information about best practices, see «Keeping your API credentials secure.»

Creating a fine-grained personal access token

Note: Fine-grained personal access tokens are currently in beta and subject to change. To leave feedback, see the feedback discussion.

  1. Verify your email address, if it hasn’t been verified yet.
  2. In the upper-right corner of any page, click your profile photo, then click Settings.

If you selected an organization as the resource owner and the organization requires approval for fine-grained personal access tokens, then your token will be marked as pending until it is reviewed by an organization administrator. Your token will only be able to read public resources until it is approved. If you are an owner of the organization, your request is automatically approved. For more information, see «Reviewing and revoking personal access tokens in your organization.»

Creating a personal access token (classic)

Note: Organization owners can restrict the access of personal access tokens (classic) to their organization. If you try to use a personal access token (classic) to access resources in an organization that has disabled personal access token (classic) access, your request will fail with a 403 response. Instead, you must use a GitHub App, OAuth app, or fine-grained personal access token.

Note: Your personal access token (classic) can access every repository that you can access. GitHub recommends that you use fine-grained personal access tokens instead, which you can restrict to specific repositories. Fine-grained personal access tokens also enable you to specify fine-grained permissions instead of broad scopes.

  1. Verify your email address, if it hasn’t been verified yet.
  2. In the upper-right corner of any page, click your profile photo, then click Settings.

Deleting a personal access token

  1. In the upper-right corner of any page, click your profile photo, then click Settings.

Using a personal access token on the command line

Once you have a personal access token, you can enter it instead of your password when performing Git operations over HTTPS.

For example, to clone a repository on the command line you would enter the following git clone command. You would then be prompted to enter your username and password. When prompted for your password, enter your personal access token instead of a password.

$ git clone https://github.com/USERNAME/REPO.git
Username: YOUR_USERNAME
Password: YOUR_PERSONAL_ACCESS_TOKEN

Personal access tokens can only be used for HTTPS Git operations. If your repository uses an SSH remote URL, you will need to switch the remote from SSH to HTTPS.

If you are not prompted for your username and password, your credentials may be cached on your computer. You can update your credentials in the Keychain to replace your old password with the token.

Instead of manually entering your personal access token for every HTTPS Git operation, you can cache your personal access token with a Git client. Git will temporarily store your credentials in memory until an expiry interval has passed. You can also store the token in a plain text file that Git can read before every request. For more information, see «Caching your GitHub credentials in Git.»
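
Because a token kept in a plain text file or inside a remote URL can be read by anything that can read that file, it helps to check where a machine's git configuration holds one. The following is an added example, not part of the GitHub documentation, that audits git config files for both cases; the function names and the sample values are constructed for this example.

```shell
#!/bin/sh
# Added example: audit git config files for tokens kept in clear text.
# Function names and the sample values are constructed for this example.

# audit_git_credentials FILE...: print findings; return 1 if any, else 0.
audit_git_credentials() {
    status=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Remote URLs shaped like https://<credentials>@host/...; the secret
        # part is replaced before printing so the report is safe to share.
        hits=$(sed -nE 's#^[[:space:]]*(push)?url[[:space:]]*=[[:space:]]*(https?://)[^/@[:space:]]+@#\2<redacted>@#p' "$f")
        if [ -n "$hits" ]; then
            printf '%s: credentials embedded in remote URL: %s\n' "$f" "$hits"
            status=1
        fi
        # helper = store writes the token to a plain text file, while
        # helper = cache keeps it in memory until the timeout expires.
        if grep -qE '^[[:space:]]*helper[[:space:]]*=[[:space:]]*store([[:space:]]|$)' "$f"; then
            printf '%s: credential.helper=store keeps the token in plain text\n' "$f"
            status=1
        fi
    done
    return "$status"
}

# write_sample_config FILE: constructed config, not a real repository or token.
write_sample_config() {
    cat > "$1" <<'EOF'
[remote "origin"]
    url = https://CONSTRUCTED_TOKEN:x-oauth-basic@github.com/example/repo.git
[credential]
    helper = store
EOF
}
```

Run it as `audit_git_credentials ~/.gitconfig .git/config`; a token that turns up in either file should be revoked and replaced.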

Further reading

  • «About authentication to GitHub»
  • «Token expiration and revocation»
