I'm building a CLI which triggers an Action (using workflow_dispatch) in my repository. I'm using the GitHub API to perform this task. Taken from the docs:
You must authenticate using an access token with the repo scope to use this endpoint.
I've generated a PAT with repo scope to authenticate myself. I want users to run this CLI. Is it safe to share this PAT (which has repo as the only scope)?
P.S. I know it is ironical to ask if "Personal"-access-token can be "shared". But I don't see any problem it can cause with its limited scope.
I don't think it is a good idea. Repo scope is not limited to only one repo.
If you want to trigger actions by external users, your best bet would probably be to create a workflow running on PR or Issue events.
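
A sketch of the issue-triggered approach suggested in the answer above, added here as an example and not part of the original answer. The file name, workflow name and the `[run]` title prefix are assumptions; the job relies on the repository's automatic `GITHUB_TOKEN`, so no PAT is handed to users.

```yaml
# .github/workflows/issue-trigger.yml  (hypothetical file name)
name: issue-triggered-job            # hypothetical workflow name

on:
  issues:
    types: [opened]

# The job only receives the automatically issued GITHUB_TOKEN, which is
# confined to this repository and to the permissions listed here.
permissions:
  contents: read
  issues: write

jobs:
  run:
    runs-on: ubuntu-latest
    # Assumption: users request a run by opening an issue titled "[run] ...".
    if: startsWith(github.event.issue.title, '[run]')
    steps:
      - uses: actions/checkout@v4

      - name: Do the work
        env:
          # Issue fields are user-controlled. Pass them through env and quote
          # them in the script; never interpolate ${{ ... }} inside run text.
          ISSUE_TITLE: ${{ github.event.issue.title }}
          ISSUE_AUTHOR: ${{ github.event.issue.user.login }}
        run: |
          printf 'Requested by %s: %s\n' "$ISSUE_AUTHOR" "$ISSUE_TITLE"
          # The task the CLI previously started via workflow_dispatch goes here.

      - name: Report back on the issue
        env:
          GH_TOKEN: ${{ github.token }}
          ISSUE_URL: ${{ github.event.issue.html_url }}
        run: |
          gh issue comment "$ISSUE_URL" \
            --body "Run finished: $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID"
```

Users then need only an ordinary GitHub account that can open issues in the repository, and the credential doing the work never leaves the runner.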