Permissions for repository-scoped packages
A repository-scoped package inherits the permissions and visibility of the repository that owns the package. You can find a package scoped to a repository by going to the main page of the repository and clicking the Packages link to the right of the page.
The Registro del paquete de GitHub registries below use repository-scoped permissions:
- Docker registry (
docker.pkg.github.com) - npm registry
- RubyGems registry
- Apache Maven registry
- NuGet registry
About scopes and permissions for package registries
To use or manage a package hosted by a package registry, you must use a token with the appropriate scope, and your user account must have appropriate permissions.
For example:
- To download and install packages from a repository, your token must have the
read:packagesscope, and your user account must have read permission. - To delete a specified version of a package on GitHub AE, your token must have the
delete:packagesandreposcope. For more information, see "Deleting a package."
| Scope | Description | Required permission |
|---|---|---|
read:packages | Download and install packages from Registro del paquete de GitHub | read |
write:packages | Upload and publish packages to Registro del paquete de GitHub | write |
delete:packages | Delete specified versions of packages from Registro del paquete de GitHub | admin |
repo | Upload and delete packages (along with write:packages, or delete:packages) | write or admin |
When you create a GitHub Actions workflow, you can use the GITHUB_TOKEN to publish and install packages in Registro del paquete de GitHub without needing to store and manage a personal access token.
For more information, see:
- "Publishing and installing a package with GitHub Actions"
- "Creating a personal access token"
- "Available scopes"
Maintaining access to packages in GitHub Actions workflows
To ensure your workflows will maintain access to your packages, ensure that you're using the right access token in your workflow and that you've enabled GitHub Actions access to your package.
For more conceptual background on GitHub Actions or examples of using packages in workflows, see "Managing GitHub Packages using GitHub Actions workflows."
Access tokens
- To publish packages associated with the workflow repository, use
GITHUB_TOKEN. - To install packages associated with other private repositories that
GITHUB_TOKENcan't access, use a personal access token
For more information about GITHUB_TOKEN used in GitHub Actions workflows, see "Authentication in a workflow."