Documentation - GitHub Auto Update (myGAU)
myGAU is an automated solution for updating files in your private and public GitHub repositories. It enables seamless content updates using GitHub's API, providing a streamlined approach for developers and teams.
Features
- Automatic File Updates: Easily update files in any repository.
- Secure Authentication: Uses GitHub tokens to authorize actions.
- Supports CI/CD Integration: Works with workflows and deployments.
- Customizable Access Control: Choose between fine-grained or classic tokens.
Token Types and Usage
1. Fine-Grained Personal Access Tokens (Preview)
A fine-grained personal access token (FGPAT) provides specific, repository-scoped permissions and enhances security by limiting access to only what is necessary.
Essential for Auto-Update Functionality:
- Contents – Needed to manage repository contents, commits, branches, releases, and merges.
- Workflows – Required to update GitHub Action workflow files.
- Webhooks – Ensures auto-updates trigger post-receive hooks.
- Deployments – Supports CI/CD automation for deployment updates.
- Commit statuses – Helps track commit status changes for automated updates.
- Metadata – Useful for fetching repository metadata during updates.
Security & Secrets Management (Optional but Recommended):
- Secrets – Required if workflows use repository secrets for authentication.
- Dependabot secrets – If security updates need to be automated.
- Repository security advisories – To manage security updates automatically.
- Secret scanning alerts – To ensure secrets are not exposed in auto-updates.
2. Personal Access Tokens (Classic)
Classic PATs work like OAuth tokens and can be used in place of passwords for authentication.
Essential for Auto-Update Functionality:
- repo – Full control over private repositories.
- repo:status – Access to commit status.
- repo_deployment – Access to deployment status.
- public_repo – Access to public repositories.
- repo:invite – Access to repository invitations.
- workflow – Update GitHub Action workflows.
- admin:repo_hook – Full control over repository hooks.
- read:user – Read user profile data.
Security & Secrets Management (Optional but Recommended):
- user:email – Access user email addresses (read-only).
- delete_repo – Delete repositories.
- admin:public_key – Full control of user public keys.
- admin:ssh_signing_key – Full control of public user SSH signing keys.
- notifications – Access notifications.
Which Token Should You Use?
Fine-Grained PAT (Recommended): Best for security-conscious users as it allows precise permissions and scope control.
Classic PAT: Suitable for broader repository control but grants more access than necessary in many cases.
How to Use myGAU
Step 1: Generate a GitHub Token
Visit the GitHub Tokens page to create a new token. Choose a Fine-Grained or Classic PAT with the necessary permissions and copy the token securely.
Step 2: Enter Required Details
Provide the following details in myGAU:
- GitHub Username (e.g., `webdeveloperdesigner`)
- Repository Name (e.g., `repo-name`)
- GitHub Token (Paste the generated token)
- File Path (Specify the file location, e.g., `docs/readme.txt`)
Step 3: Update File
Click the Update File button to push changes to your repository automatically.
Version Control and Browser Compatibility
Ensure that your browser is compatible with myGAU's latest features. We recommend keeping your browser updated for optimal performance. You can check your version using the browser's developer tools.
Choosing the Best Token
| Feature |
Fine-Grained Token |
Classic Token |
| Granular Access Control |
✅ |
❌ |
| Repository-Scoped |
✅ |
❌ |
| Recommended for API Calls |
✅ |
✅ |
| Works with GitHub CLI |
❌ |
✅ |
| Secure for Personal Use |
✅ |
❌ |
Security Best Practices
- Do not share your token publicly.
- Use Fine-grained tokens for better security.
- Set an expiration date for tokens whenever possible.
- Limit permissions to the minimum required for your use case.
Conclusion
myGAU simplifies GitHub repository updates by automating file modifications. By choosing the appropriate authentication method and setting up permissions correctly, users can ensure secure and efficient repository management.