- create a GitHub App or something that can generate transient tokens
- implement some CLI that generates a token
- login with that token
- push
See e.g.: https://medium.com/@tiwari09abhi/github-app-token-authorizat... https://martin.baillie.id/wrote/ephemeral-github-tokens-via-...
But I'm not even sure because the GH auth system is all over the place and downright nuts in some places...
e.g. a fine-grained token with repo access can't curl a tarball with the usual URL, it has to use the /api, which makes tooling that constructs URLs from repo names and versions break with no recourse as soon as you disable classic PATs
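
The URL rewrite that the tarball complaint above implies, as an added example that is not part of the original comment: it maps the archive URLs tooling usually constructs to the REST API `tarball`/`zipball` endpoints and builds the token headers. The function names `to_api_archive_url` and `auth_headers` are hypothetical, and the URLs in the comments are constructed samples.

```python
import re
from urllib.parse import quote, urlsplit

# Path shapes tooling commonly builds from a repo name and a version, e.g.
#   /OWNER/REPO/archive/refs/tags/v1.2.3.tar.gz   (constructed sample)
#   /OWNER/REPO/archive/refs/heads/main.zip       (constructed sample)
_ARCHIVE = re.compile(
    r"^/(?P<owner>[^/]+)/(?P<repo>[^/]+)/archive/"
    r"(?P<ref>.+?)(?P<ext>\.tar\.gz|\.tgz|\.zip)$"
)


def to_api_archive_url(url: str) -> str:
    """Map a github.com archive URL to the REST API tarball/zipball URL."""
    parts = urlsplit(url)
    # Exact host match: the result will be fetched with a token attached,
    # so look-alike hosts such as github.com.evil.example are rejected.
    if parts.scheme != "https" or parts.hostname != "github.com":
        raise ValueError(f"not an https://github.com URL: {url!r}")
    m = _ARCHIVE.match(parts.path)
    if m is None:
        raise ValueError(f"not an archive URL: {url!r}")
    ref = m["ref"]
    # Use the short ref name; if a tag and a branch share that name the
    # short form is ambiguous, so pin a commit SHA where that matters.
    for prefix in ("refs/tags/", "refs/heads/"):
        if ref.startswith(prefix):
            ref = ref[len(prefix):]
            break
    kind = "zipball" if m["ext"] == ".zip" else "tarball"
    return (
        f"https://api.github.com/repos/{m['owner']}/{m['repo']}"
        f"/{kind}/{quote(ref, safe='/')}"
    )


def auth_headers(token: str) -> dict:
    """Headers for the API request; the token is never placed in the URL."""
    if not token or any(c.isspace() for c in token):
        raise ValueError("token must be a non-empty string without whitespace")
    return {
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
        "X-GitHub-Api-Version": "2022-11-28",
    }
```

The API endpoint answers with a redirect to the actual download location, so the client has to follow redirects, and should send the `Authorization` header only to `api.github.com`.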