Generate a GitHub Token for Release Notes and Golang Updates

Overview

A GitHub.com token is not mandatory for the Developer Platform to function, however it is required if you wish to benefit from the following:

1. Obtaining release notes from GitHub.

2. Receiving updates for Golang dependencies.

Getting it done

Create a GitHub.com Token and Use it in the Developer Platform

A GitHub.com token is recommended for running scans. Without it, Golang dependencies and release notes from GitHub cannot be retrieved (which will result in a warning message in the Developer Platform).

The token can be generated from any GitHub.com account and doesn’t require any permissions:

1. Log into GitHub.com or create a new account.

2. In GitHub, click on your profile at the top-right corner of the page and select Settings.
   

   

3. Select Developer settings from the left-pane menu.

   

4. Under Personal access tokens, select Tokens (classic).

   

5. Click Generate new token --> Generate new token (classic).

   

6. Add a descriptive name for your token under Note (e.g., “Mend.io Developer Platform”) and set the desired Expiration date (you can set a custom date). It is recommended to set a reminder in the calendar to renew the token before it expires.
   

   

7. Don’t add any scopes, instead scroll to the bottom and click Generate Token ( ).

8. Now on the Mend Developer Platform, click on the Project (Azure/Bitbucket) and then on Settings.

   

9. Click on Credentials and then on Add Secret. Give it a name and paste the token from GitHub.com as the Secret Value.

   

10. On the same screen, add a host rule as follows:

    1. Description - Any description

    2. Host type - github

    3. Secret Type - token

    4. Select Secret - the secret from the previous step

Suppress the “Missing GitHub Token” Warning

To permanently suppress the warnings about the GitHub token not being set, please configure the githubTokenWarn parameter as explained in the Renovate documentation.