Minimum permissions for a GitHub access token to clone, push, and pull from repo?

Question

I wish to adhere to best practice and use a GitHub fine-grained token to limit access to a subset of repositories (as opposed to a classic token, which gives access to all repos).

I'd like the token to grant the ability to git clone, git push, and git pull (a little extra is fine, but it should at least allow those capabilities).

Which repository permission(s) do I need to grant?

GitHub presents me a list of available repository permissions options (unfortunately none contain the aforementioned git commands in their descriptions):

Fine-grained token permissions documentation is extremely detailed but I can't spot the answer to my fairly simple question.

Note

I don't mind if access to abilities beyond git clone, git push and git pull are also granted; I'm just after some sensible permission/s that grants at least those abilities (but doesn't go as far as the classic tokens do). I'm quite confident if every repository permission was granted, then it would allow clone/pull/push, but I wish to avoid going overboard and basically allowing access to every repo permission for that repository - some sensible in-between is what I'm after.

Answer 1

The answer is

• Set Contents to Read and Write
  • This will automatically set Metadata to Read only

This is all you need to git clone, git push, and git pull.