Skip to main content
我们经常发布文档更新,此页面的翻译可能仍在进行中。有关最新信息,请访问英语文档
� 

� 

此版本的 GitHub Enterprise 已停止服务 2022-10-12. 即使针对重大安全问题,也不会发布补丁。 为了获得更好的性能、更高的安全性和新功能,请升级到最新版本的 GitHub Enterprise。 如需升级帮助,请联系 GitHub Enterprise 支持

About permissions for GitHub Packages

本文内容

Learn about how to manage permissions for your packages.

GitHub Packages 适用于 GitHub Free、GitHub Pro、面向组织的 GitHub Free、GitHub Team, GitHub Enterprise Cloud, GitHub Enterprise Server 3.0 或更高版本以及 GitHub AE。 有关升级 GitHub Enterprise Server 实例更多信息,请参阅“关于升级至新版本”和 升级助手以从� 当前的发布版本中查找升级路径。

Permissions for repository-scoped packages

A repository-scoped package inherits the permissions and visibility of the repository that owns the package. You can find a package scoped to a repository by going to the main page of the repository and clicking the Packages link to the right of the page.

The GitHub Packages registries below only use repository-scoped permissions:

  • Docker registry (docker.pkg.github.com)
  • npm registry
  • RubyGems registry
  • Apache Maven registry
  • NuGet registry

About scopes and permissions for package registries

To use or manage a package hosted by a package registry, you must use a personal access token with the appropriate scope, and your personal account must have appropriate permissions.

For example:

  • To download and install packages from a repository, your personal access token must have the read:packages scope, and your user account must have read permission.
  • To delete a package on GitHub Enterprise Server, your personal access token must at least have the delete:packages and read:packages scope. The repo scope is also required for repo-scoped packages. For more information, see "Deleting and restoring a package."
ScopeDescriptionRequired permission
read:packagesDownload and install packages from GitHub Packagesread
write:packagesUpload and publish packages to GitHub Packageswrite
delete:packagesDelete packages from GitHub Packagesadmin
repoUpload and delete packages (along with write:packages, or delete:packages)write or admin

When you create a GitHub Actions workflow, you can use the GITHUB_TOKEN to publish and install packages in GitHub Packages without needing to store and manage a personal access token.

For more information, see:

Maintaining access to packages in GitHub Actions workflows

To ensure your workflows will maintain access to your packages, ensure that you're using the right access token in your workflow and that you've enabled GitHub Actions access to your package.

For more conceptual background on GitHub Actions or examples of using packages in workflows, see "Managing GitHub Packages using GitHub Actions workflows."

Access tokens

  • To publish packages associated with the workflow repository, use GITHUB_TOKEN.
  • To install packages associated with other private repositories that GITHUB_TOKEN can't access, use a personal access token

For more information about GITHUB_TOKEN used in GitHub Actions workflows, see "Authentication in a workflow."