From 809f6c45fd77d662554bd03db848f79bc79577e3 Mon Sep 17 00:00:00 2001
From: Michal Konecny <mkonecny@redhat.com>
Date: Thu, 16 Jan 2025 14:33:00 +0100
Subject: [PATCH] [release-monitoring] Narrow GitHub scopes

We don't need anything else than e-mail and username to login user.
Let's narrow the scopes for GitHub to only user:email.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
---
 roles/openshift-apps/release-monitoring/templates/anitya.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/openshift-apps/release-monitoring/templates/anitya.toml b/roles/openshift-apps/release-monitoring/templates/anitya.toml
index 7a12e17dfd..5143b2a78a 100644
--- a/roles/openshift-apps/release-monitoring/templates/anitya.toml
+++ b/roles/openshift-apps/release-monitoring/templates/anitya.toml
@@ -60,7 +60,7 @@ github_authorize_url = "https://github.com/login/oauth/authorize"
 # Github URL for API
 github_api_base_url = "https://api.github.com/"
 # Additional arguments for Github authentication
-github_client_kwargs = { scope = "user" }
+github_client_kwargs = { scope = "user:email" }
 
 # Fedora OAuth backend variables
 # Fedora OAuth client id
@@ -103,7 +103,7 @@ github_authorize_url = "https://github.com/login/oauth/authorize"
 # Github URL for API
 github_api_base_url = "https://api.github.com/"
 # Additional arguments for Github authentication
-github_client_kwargs = { scope = "user" }
+github_client_kwargs = { scope = "user:email" }
 
 # Fedora OAuth backend variables
 # Fedora OAuth client id