Github Action Homebrew authorization scope documentation

[tanelmae]

Writing this in free form as I don't think it fits well with the template.

Github Action documentation tells people to use predefined GITHUB_TOKEN secret.

env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

That secret is set by Github and the token's permissions are limited to the repository that contains your workflow.

While this is enough to publish repository releases, it is not enough if changes need to be made in another repository. I would expect that is the common case when using goreleaser to publish to Homebrew taps.
To make it work, user can create access token with correct scope manually and adding as a secret in the repository with goreleaser Github Action.

env:
          GITHUB_TOKEN: ${{ secrets. GORELEASER_GITHUB_TOKEN }}

This was mentioned in the documentation in 6809172 but removed in a7f049e
This should be somehow covered in the Github Action documentation.

It would be nice if Github would allow more fine grained control over the scope of the generated GITHUB_TOKEN secret. But this is how it works for now.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[caarlos0]

cc/ @crazy-max

[crazy-max]

Hi @tanelmae, feel free to open a PR to enhance the documentation in the README. Thanks

[arvenil]

I just spent an hour trying to figure out why it doesn't work. Thank you for this open issue! I'm new with github actions and didn't realize token is limited to just current repo.

[crazy-max]

Notes have been added about this limitation: https://github.com/goreleaser/goreleaser-action#limitation