From 61c63d5a5f250f383839d86fe7c3ae5e0a35ba3e Mon Sep 17 00:00:00 2001 From: Indigo Date: Fri, 14 Nov 2025 16:08:30 -0500 Subject: [PATCH] Add artifact_metadata permission to Actions docs (#58427) Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com> --- .../managing-your-personal-access-tokens.md | 3 +++ data/features/artifact-metadata.yml | 4 ++++ data/reusables/actions/github-token-available-permissions.md | 3 ++- data/reusables/actions/github-token-scope-descriptions.md | 3 +++ 4 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 data/features/artifact-metadata.yml diff --git a/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md b/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md index 1fdc00658e..0da4f95c84 100644 --- a/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md +++ b/content/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens.md @@ -197,6 +197,9 @@ Repository permissions work for both user and organization resource owners. |---|---|---| | `actions` | Actions | `read`, `write` | | `administration` | Administration | `read`, `write` | +| {% ifversion artifact-metadata %} | +| `artifact_metadata` | Artifact Metadata | `read`, `write` | +| {% endif %} | | `attestations` | Attestations | `read`, `write` | | `security_events` | Code scanning alerts | `read`, `write` | | `codespaces` | Codespaces | `read`, `write` | diff --git a/data/features/artifact-metadata.yml b/data/features/artifact-metadata.yml new file mode 100644 index 0000000000..01f9cf6c6a --- /dev/null +++ b/data/features/artifact-metadata.yml @@ -0,0 +1,4 @@ +# Artifact Metadata GA +versions: + fpt: '*' + ghec: '*' 
diff --git a/data/reusables/actions/github-token-available-permissions.md b/data/reusables/actions/github-token-available-permissions.md index 94cea05a10..b2c7ab5c73 100644 --- a/data/reusables/actions/github-token-available-permissions.md +++ b/data/reusables/actions/github-token-available-permissions.md @@ -2,7 +2,8 @@ You can define the access that the `GITHUB_TOKEN` will permit by specifying `rea ```yaml permissions: - actions: read|write|none{% ifversion artifact-attestations %} + actions: read|write|none{% ifversion artifact-metadata %} + artifact-metadata: read|write|none{% endif %}{% ifversion artifact-attestations %} attestations: read|write|none{% endif %} checks: read|write|none contents: read|write|none diff --git a/data/reusables/actions/github-token-scope-descriptions.md b/data/reusables/actions/github-token-scope-descriptions.md index e60282deef..9ad41c9d9d 100644 --- a/data/reusables/actions/github-token-scope-descriptions.md +++ b/data/reusables/actions/github-token-scope-descriptions.md 
@@ -5,6 +5,9 @@ Available permissions and details of what each allows an action to do: | Permission | Allows an action using `GITHUB_TOKEN` to | | --- | --- | | `actions` | Work with GitHub Actions. For example, `actions: write` permits an action to cancel a workflow run. For more information, see [AUTOTITLE](/rest/overview/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-actions). | +| {% ifversion artifact-metadata %} | +| `artifact-metadata` | Work with artifact metadata. For example, `artifact-metadata: write` permits an action to create storage records on behalf of a build artifact. For more information, see [AUTOTITLE](/rest/orgs/artifact-metadata?apiVersion=2022-11-28). | +| {% endif %} | | {% ifversion artifact-attestations %} | | `attestations` | Work with artifact attestations. For example, `attestations: write` permits an action to generate an artifact attestation for a build. For more information, see [AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds) | | {% endif %} |
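Review bot: In the `managing-your-personal-access-tokens.md` hunk, the new row's display name `Artifact Metadata` is title case while the context row `Code scanning alerts` uses sentence case; suggest `Artifact metadata`. The `{% ifversion artifact-metadata %}` and `{% endif %}` lines are written as single-cell rows inside a three-column table, and none of the context rows in this hunk use that pattern, so please check the rendered table for a stray empty row with the feature both enabled and disabled.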
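Review bot: `data/features/artifact-metadata.yml` lists only `fpt` and `ghec` under `versions:`, so the three `{% ifversion artifact-metadata %}` blocks added in this patch will not render for any version not listed there. If that is intended, say so in the file comment, which currently reads only `# Artifact Metadata GA`; if not, add the missing version entry in this same change so the token and workflow permission tables stay in step.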
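Review bot: In the `github-token-available-permissions.md` hunk, the added key `artifact-metadata: read|write|none` is hyphenated, while the personal access token table in this same patch names the permission `artifact_metadata`. Readers copy these values verbatim into workflow files and token requests, so please confirm each spelling is the one its context accepts, and consider a brief mention of the difference where the two pages cross-reference each other.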
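Review bot: In the `github-token-scope-descriptions.md` hunk, the `artifact-metadata` row describes only what `write` permits ("create storage records on behalf of a build artifact") and says nothing about `read`, so a workflow author cannot tell from this row whether the lower level is enough for their job; suggest adding a one-clause `read` example. The link also points under `/rest/orgs/`, whereas the `actions` row above links to a `#repository-permissions-for-actions` anchor in the permissions reference; if an equivalent permissions section exists for artifact metadata, linking there would match the neighbouring row.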