From 809f6c45fd77d662554bd03db848f79bc79577e3 Mon Sep 17 00:00:00 2001
From: Michal Konecny <mkonecny@redhat.com>
Date: Jan 16 2025 13:33:00 +0000
Subject: [release-monitoring] Narrow GitHub scopes


We don't need anything else than e-mail and username to login user.
Let's narrow the scopes for GitHub to only user:email.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>

---

diff --git a/roles/openshift-apps/release-monitoring/templates/anitya.toml b/roles/openshift-apps/release-monitoring/templates/anitya.toml
index 7a12e17..5143b2a 100644
--- a/roles/openshift-apps/release-monitoring/templates/anitya.toml
+++ b/roles/openshift-apps/release-monitoring/templates/anitya.toml
@@ -60,7 +60,7 @@ github_authorize_url = "https://github.com/login/oauth/authorize"
 # Github URL for API
 github_api_base_url = "https://api.github.com/"
 # Additional arguments for Github authentication
-github_client_kwargs = { scope = "user" }
+github_client_kwargs = { scope = "user:email" }
 
 # Fedora OAuth backend variables
 # Fedora OAuth client id
@@ -103,7 +103,7 @@ github_authorize_url = "https://github.com/login/oauth/authorize"
 # Github URL for API
 github_api_base_url = "https://api.github.com/"
 # Additional arguments for Github authentication
-github_client_kwargs = { scope = "user" }
+github_client_kwargs = { scope = "user:email" }
 
 # Fedora OAuth backend variables
 # Fedora OAuth client id