Disable classic PATs org-wide #247
Description
The GitHub UI doesn't show anymore classic PATs so it is hard to understand what PATs we have created. We should:
- Understand what classic PATs we have and migrate them to github apps / fine grained PATs
- click the button in the screenshot from this setting page to disable existing classic PATs
- Fix workflows and apps that break
To discover possible tokens used in GitHub Actions we could programmatically get the name of the secrets of every repo in our organizations.
Also, note that we can rollback step 2 in case something breaks and we can't fix it immediately.
List of things to fix before step 2:
- sync team token (rust-lang-owner)
- triagebot token
- check all the tokens of the bots that we have in 1password
Note
You can use the API call curl -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/user to understand which account provisioned the token.