Insiders: Github Token for git committers plugin (and on readthedocs)

[rfay]

I'm experimenting with the very nice (insiders) contributors feature with the git committers plugin on insiders, and really love being able to show those.

Of course it requires a GitHub token. But...

• The docs don't say what scope is required for this token, could you say?
• Our docs are currently hosted on readthedocs... I can add the token as an environment variable there, but hate to do that. Suggestions about how to work around that?
• How would you provide this token in other build environments (like GitHub pages)?

Edit: I see in https://github.com/ojacques/mkdocs-git-committers-plugin-2 that the token scope should be documented there. I imagine it requires no privs at all. I'd still love direction from experts about how to inject this safely in readthedocs. I guess a token with no scope is not that much worth worrying about.

[squidfunk]

Thanks, I'm glad you love those! Tokens should be added via secrets. I'm not sure if readthedocs offers such a functionality, but it's the de-facto standard, supported by GitHub and GitLab. I'm looping in @ojacques, as he's the expert on the git-committers plugin.

[ojacques]

Hi @rfay - glad you find it useful!

The docs don't say what scope is required for this token, could you say?

The GitHub token does not need any scope. You can uncheck everything. I just updated the docs.

Regarding providing the token through a secret and an environment variable, it's standard practice, although I agree not the best security posture.

[rfay]

Thanks so much. (I did try it with environment variable on readthedocs; although they provide the feature it must not be there at the right time or something.)