[Documentation] Wrong permission GitHub fine-grained PAT Authentication

[seternate]

How are you running Renovate?

Self-hosted Renovate

If you're self-hosting Renovate, tell us which platform (GitHub, GitLab, etc) and which version of Renovate.

Docker-Compose, 39.106

Please tell us more about your question or problem

Hi folks,

While setting up renovate for one of my repositories I followed exactly the "Authentication" part for fine-grained PAT for GitHub and setup a fine-grained PAT with the given Permissions. But the first permission Members is nowhere to be found for a PAT (there is no Level called Organization). Therefore I ignored it.

After looking into debug logs I realised I was missing permissions for the user/emails endpoint (see last line of provided logs). After a short look into GitHub API the Members permissions on the Permissions table found in the documentation needs to be changed to:

Permission	Access	Level
Email addresses	Read-only	Account

Logs (if relevant)

Logs

DEBUG: Using RE2 regex engine
DEBUG: Parsing configs
DEBUG: Checking for config file in config.js
DEBUG: File config
       "config": {
         "token": "***********",
         "repositories": ["seternate/jest-homeserver"],
         "dryRun": "full"
       }
DEBUG: CLI config
       "config": {}
DEBUG: Env config
       "config": {"hostRules": []}
DEBUG: Combined config
       "config": {
         "token": "***********",
         "repositories": ["seternate/jest-homeserver"],
         "dryRun": "full",
         "hostRules": []
       }
DEBUG: Enabling forkProcessing while in non-autodiscover mode
DEBUG: Enabling onboardingNoDeps while in non-autodiscover mode
DEBUG: Found valid git version: 2.47.1
DEBUG: Setting global hostRules
DEBUG: Using default github endpoint: https://api.github.com/
DEBUG: hostRules: authentication already set for api.github.com
DEBUG: Using queue: host=api.github.com, concurrency=16
DEBUG: GET https://api.github.com/user/emails = (code=ERR_NON_2XX_3XX_RESPONSE, statusCode=403 retryCount=0, duration=165)
DEBUG: Cannot read user/emails endpoint on GitHub to retrieve gitAuthor

[rarkins]

Thanks, would you like to submit a PR fixing this?

renovate/lib/modules/platform/github/readme.md

Line 58 in 2de047e

| `Members` | `Read-only` | _Organization_ |

FYI @jsoref who authored the original PR. This feature is in preview so potentially has changed since then

[jsoref]

I barely touch renovate. I'm sorry.

I'm happy to read any changes people propose.

[seternate]

Should I promote this to an issue then? Would do a PR for it ☺️

[jsoref]

Personally, if I knew how to fix it, I'd just make a PR.