Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit02a4add

Browse files
authored
GitHub fine grained token (#620)
* Update git token scopesAdded --skip-permission-validation to git provider flags, and runtime and pat scopes for fine-grained tokens* Update hybrid-gitops.md* Update git tokensAdded fine-grained token permissions and updated skip-token-validation flag desc* Update note for skip token validationUpdated note with info and added repo access options to fine-grained git token* Update hybrid-gitops.md* Minor content updates
1 parent0529787 commit02a4add

File tree

3 files changed

+38
-19
lines changed

3 files changed

+38
-19
lines changed

‎_docs/installation/gitops.md‎

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,10 +5,10 @@ group: installation
55
toc:true
66
---
77

8-
Codefreshhas several modes for working with GitOps applications
8+
Codefreshsupports several modes for working with GitOps applications.
99

1010
* The easiest way to get started is to use[a hosted GitOps runtime]({{site.baseurl}}/docs/installation/gitops/hosted-runtime/)
11-
* You can install[your own GitOps runtime]({{site.baseurl}}/docs/installation/gitops/hybrid-gitops/). in your own cluster
12-
* You can add[external clusters]({{site.baseurl}}/docs/installation/gitops/managed-cluster/) to any runtime (hosted or private)
11+
* Alternatively, you can install[a hybrid GitOps runtime]({{site.baseurl}}/docs/installation/gitops/hybrid-gitops/) in your own cluster
12+
13+
You can then add[external clusters]({{site.baseurl}}/docs/installation/gitops/managed-cluster/) to any runtime (hosted or private).
1314

14-
.

‎_docs/installation/gitops/hybrid-gitops.md‎

Lines changed: 15 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,8 @@ If Bitbucker Server is your Git provider, you must also select the specific serv
1818

1919
>To change the Git provider for your Codefresh account after installation, contact Codefresh support.
2020
21+
>If you want to[skip validating the scopes for the provided token](#skip-token-scope-validation), you_must create the repositories for the runtime and for the Git Source before starting the installation_.
22+
2123

2224
**Codefresh and Argo CD**
2325
The Hybrid GitOps Runtime comprises Argo CD components and Codefresh-specific components.
@@ -847,7 +849,7 @@ If you are not sure which OS to select for `curl`, simply select one, and Codefr
847849
## Hybrid GitOps Runtime installation flags
848850
This section describes the required and optional flags to install a Hybrid GitOps Runtime.
849851
For documentation purposes, the flags are grouped into:
850-
* Runtime flags, relating toRuntime, cluster, and namespace requirements
852+
* Runtime flags, relating toruntime, cluster, and namespace requirements
851853
* Ingress-less flags, for tunnel-based installation
852854
* Ingress-controller flags, for ingress-based installation
853855
* Git provider and repo flags
@@ -979,6 +981,16 @@ You can define any of the following Git providers:
979981
</br>
980982
{:/}
981983

984+
#### Skip token scopes validation
985+
Optional.
986+
Skip validating scopes for the token provided (for any Git provider). This flag can be useful for GitHub with fine-grained tokens, as these are currently (March 23) still in Beta according to GitHub, and therefore not offically supported by Codefresh. The tokens should work if they have the correct scopes.<br>
987+
988+
To skip token validation, add `--skip-permission-validation true`.
989+
990+
> IMPORTANT:
991+
Before using this flag, [review the required scopes for runtime tokens]({{site.baseurl}}/docs/reference//git-tokens/#git-runtime-token-scopes). <br><br>
992+
When defined, Codefresh does not validate the scopes assigned to the token provided. If the token does not include the scopes required for Codefresh to automatically create the repositories for the runtime and Git Source during installation, the installation will fail.
993+
The alternative is to create both repos before the installation.
982994

983995

984996
#### GitHub
@@ -1165,6 +1177,8 @@ where:
11651177
</br></br>
11661178
{:/}
11671179

1180+
1181+
11681182
### Codefresh resource flags
11691183
**Codefresh demo resources**
11701184
Optional.

‎_docs/reference/git-tokens.md‎

Lines changed: 19 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ toc: true
1010

1111

1212
Codefresh requires two types of Git tokens for authentication:
13-
* Git runtime token for runtime installation
13+
* Git runtime token for runtime installation<br>
1414
Used by:
1515
* Argo CD clone repositories and pull changes to sync the desired state in Git to the live state on the cluster.
1616
* Argo Events to create webhooks in Git repositories for Event Sources in Delivery Pipelines
@@ -36,9 +36,15 @@ The Git runtime token is mandatory for runtime installation.
3636
{:/}
3737

3838
####GitHub and GitHub Enterprise runtime token scopes
39+
GitHub and GitHub Enterprise offer classic tokens, and fine-grained tokens (currently in Beta in GitHub).
40+
41+
42+
{: .table .table-bordered .table-hover}
43+
| Classic runtime token scopes|| Fine-grained runtime token scopes|
44+
| --------------||--------------|
45+
| {::nomarkdown}<ul><li><codeclass="highlighter-rouge">repo</code></li><li><codeclass="highlighter-rouge">admin:repo_hook</code></li></ul>{:/}|| {::nomarkdown}<ul><li><b>Repository access</b>: <codeclass="highlighter-rouge">All repositories</code> or <codeclass="highlighter-rouge">Only select repositories</code></li><li><b>Repository permissions</b>: <ul><li><b>Administration</b>: <codeclass="highlighter-rouge">Read and write</code></li><li><b>Contents</b>: <codeclass="highlighter-rouge">Read and write</code></li><li><b>Metadata</b>: <codeclass="highlighter-rouge">Read-only</code></li></li><li><b>Webhook</b>: <codeclass="highlighter-rouge">Read and write</code></li></ul></ul>{:/}|
46+
3947

40-
*`repo`
41-
*`admin:repo_hook`
4248

4349
{::nomarkdown}
4450
</br>
@@ -75,17 +81,16 @@ The Git personal token is a user-specific personal access token per provisioned
7581
{:/}
7682

7783
####GitHub and GitHub Enterprise personal user token scopes
78-
*`repo`
79-
80-
<!---{% include
81-
image.html
82-
lightbox="true"
83-
file="/images/getting-started/github-pat.png"
84-
url="/images/getting-started/github-pat.png"
85-
alt="Permissions for Git personal token"
86-
caption="Permissions for Git personal token"
87-
max-width="60%"
88-
%}-->
84+
85+
GitHub and GitHub Enterprise offer classic tokens, and fine-grained tokens (currently in Beta in GitHub).
86+
87+
{: .table .table-bordered .table-hover}
88+
| Classic user token scopes|| Fine-grained user token scopes|
89+
| --------------||--------------|
90+
| {::nomarkdown}<ul><li><codeclass="highlighter-rouge">repo</code></li></ul>{:/}|| {::nomarkdown}<ul><li><b>Repository access</b>: <codeclass="highlighter-rouge">All repositories</code> or <codeclass="highlighter-rouge">Only select repositories</code></li><li><b>Repository permissions</b>: <ul><li><b>Contents</b>: <codeclass="highlighter-rouge">Read and write</code></li><li><b>Metadata</b>: <codeclass="highlighter-rouge">Read-only</code></li></li></ul></ul>{:/}|
91+
92+
93+
8994
{::nomarkdown}
9095
</br>
9196
{:/}

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp