How to create a GitHub Access Token for deployment

This guide explains how to create a GitHub fine-grained Personal Access Token that you can use for deployments. This token allows CloudRay to securely clone your repositories during the deployment process.

Steps to create a token

  1. Go to GitHub Settings:

    • Log in to your GitHub account
    • Click your profile picture in the top right
    • Select “Settings”

  2. Navigate to Developer Settings:

    • Scroll to the bottom of the left sidebar
    • Click “Developer settings”

  3. Access Personal Access Tokens:

    • Select “Fine-grained tokens”
    • Click “Generate new token”

  4. Configure the token:

    • Name: Give your token a descriptive name (e.g., “CloudRay Deployments”)
    • Expiration: Choose an expiration date (recommended: 1 year)
    • Repository access: Select “Only select repositories” and choose your deployment repositories
    • Permissions:
      • Repository permissions:
        • “Contents”: Read-only (needed for cloning)
        • “Metadata”: Read-only (required by default)

  5. Generate and copy the token:

    • Click “Generate token”
    • Important: Copy the token immediately. GitHub will only show it once.

Using the token

When setting up your CloudRay variable group for deployments:

  1. Create a variable named github_access_token
  2. Paste your GitHub token as the value

The token will be used in the format: https://{token}@github.com/{username}/{repo} when cloning repositories.

Organization requirements

If your repository belongs to an organisation:

  1. The organisation must allow fine-grained tokens
  2. An organisation owner needs to enable fine-grained tokens:
    • Go to Organization Settings > Third-party Access > Personal Access Tokens
    • Click “Set organisation token policy”
    • Enable “Allow fine-grained personal access tokens”

Security considerations

  • Never share your token or commit it to your repository
  • Use the minimum required permissions
  • Regularly rotate your tokens by creating new ones and deleting old ones
  • If a token is compromised, revoke it immediately in your GitHub settings

Token expiration

When your token expires:

  1. Create a new token following the steps above
  2. Update the github_access_token variable in your CloudRay variable group
  3. The old token will automatically become invalid after expiration

That’s it! Your GitHub fine-grained Access Token is now ready to use with CloudRay deployment scripts.