# 🔑 GitHub Token Setup Guide

## 🎯 **Why You Need This**

The Gitea Actions workflows use Trivy for security scanning, which needs to download vulnerability databases from GitHub. Without a GitHub token, you'll hit rate limits and the security scans will fail.

## 🚀 **Quick Setup (5 minutes)**

### **Step 1: Create GitHub Personal Access Token**

1. **Go to GitHub**: https://github.com/settings/tokens
2. **Click "Generate new token"** → "Generate new token (classic)"
3. **Configure the token**:
   - **Note**: `B4L Ping River Monitor - Gitea Actions`
   - **Expiration**: `90 days` (or longer)
   - **Scopes**: Select `public_repo` (for public repositories)
4. **Click "Generate token"**
5. **Copy the token** (you won't see it again!)

### **Step 2: Add Token to Gitea Repository**

1. **Go to your repository**: https://git.b4l.co.th/B4L/Northern-Thailand-Ping-River-Monitor
2. **Click "Settings"** (in the repository)
3. **Click "Secrets"** in the left sidebar
4. **Click "Add Secret"**
5. **Configure the secret**:
   - **Name**: `GITHUB_TOKEN`
   - **Value**: Paste the token you copied from GitHub
6. **Click "Add Secret"**

### **Step 3: Verify It's Working**

1. **Trigger a workflow** by pushing a commit or manually running the security workflow
2. **Check the Actions tab** in your repository
3. **Look for the message**: `✅ GITHUB_TOKEN is configured`

## 🔒 **Security Best Practices**

### **Token Permissions**

- **Minimum required**: `public_repo` scope
- **Never use**: `repo` scope unless you need private repo access
- **Avoid**: Admin or write permissions

### **Token Management**

- **Set expiration**: Don't create tokens that never expire
- **Regular rotation**: Update tokens every 90 days
- **Monitor usage**: Check GitHub token usage in settings

### **Repository Security**

- **Only trusted contributors**: Should have access to repository secrets
- **Audit regularly**: Review who has access to secrets
- **Use organization secrets**: For multiple repositories

## 🧪 **Testing the Setup**

### **Manual Test**

```bash
# Trigger the security workflow manually
# Go to: Repository → Actions → Security & Dependency Updates → Run workflow
```

### **Automatic Test**

```bash
# Push any change to trigger workflows
git commit --allow-empty -m "Test GitHub token setup"
git push
```

### **Check Workflow Logs**

1. Go to Actions tab in your repository
2. Click on the latest "Security & Dependency Updates" run
3. Click on "Docker Security Scan" job
4. Look for: `✅ GITHUB_TOKEN is configured`

## ❌ **Troubleshooting**

### **"GITHUB_TOKEN not configured" message**

- **Problem**: Token not added to repository secrets
- **Solution**: Follow Step 2 above, ensure exact name `GITHUB_TOKEN`

### **"Bad credentials" error**

- **Problem**: Token is invalid or expired
- **Solution**: Generate a new token and update the secret

### **Rate limit errors**

- **Problem**: Token doesn't have correct permissions
- **Solution**: Ensure token has `public_repo` scope

### **Trivy still failing**

- **Problem**: Network issues or GitHub API problems
- **Solution**: Wait and retry, or check GitHub status page

## 🎉 **Success Indicators**

When everything is working correctly, you'll see:

- ✅ **In workflow logs**: `✅ GITHUB_TOKEN is configured`
- ✅ **Security scans**: Complete without authentication errors
- ✅ **Trivy reports**: Generated and uploaded as artifacts
- ✅ **No rate limit errors**: In the workflow execution

## 📚 **Additional Resources**

- [GitHub Personal Access Tokens Documentation](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token)
- [Gitea Secrets Documentation](https://docs.gitea.io/en-us/usage/actions/#secrets)
- [Trivy Action Documentation](https://github.com/aquasecurity/trivy-action)

---

**Setup Time**: ~5 minutes
**Token Validity**: 90 days (recommended)
**Security Level**: High (read-only public repo access)

Your workflows will now run smoothly with proper GitHub API authentication! 🚀
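As an added example (not the project's own workflow code), here is the kind of check that sits behind the `✅ GITHUB_TOKEN is configured` and `GITHUB_TOKEN not configured` messages from Step 3 and the Troubleshooting section: a POSIX shell snippet a Docker Security Scan step could run before invoking Trivy. It assumes the secret is exposed to the step as the `GITHUB_TOKEN` environment variable; the `mask_token` and `github_rate_limit` helpers are my additions.

```bash
#!/usr/bin/env sh
# Added example, not from the project's workflows. Assumes the repository
# secret is mapped into the job as the GITHUB_TOKEN environment variable.

# Masks a token for log output: keeps the first 4 characters (e.g. the
# "ghp_" prefix of a classic token) and hides the rest.
mask_token() {
  tok=$1
  printf '%s****' "$(printf '%s' "$tok" | cut -c1-4)"
}

# Prints the page's success message and returns 0 when GITHUB_TOKEN is set;
# otherwise prints the troubleshooting message and returns 1 so the step can
# decide whether to fail fast or continue with unauthenticated downloads.
check_github_token() {
  if [ -z "${GITHUB_TOKEN:-}" ]; then
    echo "❌ GITHUB_TOKEN not configured - Trivy DB downloads may hit rate limits"
    return 1
  fi
  # Never echo the secret itself into the workflow log; only a masked prefix.
  echo "✅ GITHUB_TOKEN is configured ($(mask_token "$GITHUB_TOKEN"))"
  return 0
}

# Confirms the token is accepted by GitHub and shows the remaining API quota.
# A "Bad credentials" response here means the token is invalid or expired
# (see Troubleshooting); a low "remaining" count explains rate-limit errors.
github_rate_limit() {
  curl -sS \
    -H "Authorization: Bearer ${GITHUB_TOKEN}" \
    -H "Accept: application/vnd.github+json" \
    https://api.github.com/rate_limit
}
```

Run `check_github_token` as its own step before the Trivy scan; `github_rate_limit` is the manual follow-up when the secret is present but scans still fail.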