Add artifact_metadata permission to Actions docs (#58427)

Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com>
2025-12-19 09:57:42 -05:00 · 2025-11-14 16:08:30 -05:00
parent 2566b0ed08
commit 61c63d5a5f
4 changed files with 12 additions and 1 deletions
--- a/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md
+++ b/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md
@@ -197,6 +197,9 @@ Repository permissions work for both user and organization resource owners.
 |---|---|---|
 | `actions` | Actions | `read`, `write` |
 | `administration` | Administration | `read`, `write` |
+| {% ifversion artifact-metadata %} |
+| `artifact_metadata` | Artifact Metadata | `read`, `write` |
+| {% endif %} |
 | `attestations` | Attestations | `read`, `write` |
 | `security_events` | Code scanning alerts | `read`, `write` |
 | `codespaces` | Codespaces | `read`, `write` |
--- a/data/features/artifact-metadata.yml
+++ b/data/features/artifact-metadata.yml
@@ -0,0 +1,4 @@
+# Artifact Metadata GA
+versions:
+  fpt: '*'
+  ghec: '*'
--- a/data/reusables/actions/github-token-available-permissions.md
+++ b/data/reusables/actions/github-token-available-permissions.md
@@ -2,7 +2,8 @@ You can define the access that the `GITHUB_TOKEN` will permit by specifying `rea

 ```yaml
 permissions:
-  actions: read|write|none{% ifversion artifact-attestations %}
+  actions: read|write|none{% ifversion artifact-metadata %}
+  artifact-metadata: read|write|none{% endif %}{% ifversion artifact-attestations %}
  attestations: read|write|none{% endif %}
  checks: read|write|none
  contents: read|write|none
--- a/data/reusables/actions/github-token-scope-descriptions.md
+++ b/data/reusables/actions/github-token-scope-descriptions.md
@@ -5,6 +5,9 @@ Available permissions and details of what each allows an action to do:
 | Permission | Allows an action using `GITHUB_TOKEN` to |
 | --- | --- |
 |  `actions` | Work with GitHub Actions. For example, `actions: write` permits an action to cancel a workflow run. For more information, see [AUTOTITLE](/rest/overview/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-actions). |
+| {% ifversion artifact-metadata %} |
+|  `artifact-metadata` | Work with artifact metadata. For example, `artifact-metadata: write` permits an action to create storage records on behalf of a build artifact. For more information, see [AUTOTITLE](/rest/orgs/artifact-metadata?apiVersion=2022-11-28). |
+| {% endif %} |
 | {% ifversion artifact-attestations %} |
 |  `attestations` | Work with artifact attestations. For example, `attestations: write` permits an action to generate an artifact attestation for a build. For more information, see [AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds) |
 | {% endif %} |