add valid github scopes

services/actions/permission_parser.go

@@ -117,6 +117,11 @@ func parseRawPermissionsExplicit(rawPerms *yaml.Node) *repo_model.ActionsTokenPe
 				result.UnitAccessModes[unit.TypeReleases] = mode
 			case "projects":
 				result.UnitAccessModes[unit.TypeProjects] = mode
+			// Scopes github supports but gitea does not, see url for details
+			// https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax
+			case "artifact-metadata", "attestations", "checks", "deployments",
+				"id-token", "models", "discussions", "pages", "security-events", "statuses":
+
 			default:
 				setting.PanicInDevOrTesting("Unrecognized permission scope: %s", scope)
 			}

services/actions/permission_parser_test.go

@@ -33,6 +33,36 @@ func TestParseRawPermissions_ReadAll(t *testing.T) {
 	assert.Equal(t, perm.AccessModeRead, result.UnitAccessModes[unit.TypeProjects])
 }
 
+// TestParseRawPermissions_GithubScopes verifies that all scopes that github supports are accounted for
+func TestParseRawPermissions_GithubScopes(t *testing.T) {
+	var rawPerms yaml.Node
+	// Taken and stripped down from:
+	// https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#defining-access-for-the-github_token-scopes
+	yamlContent := `
+actions: read
+artifact-metadata: read
+attestations: read
+checks: read
+contents: read
+deployments: read
+id-token: write
+issues: read
+models: read
+discussions: read
+packages: read
+pages: read
+pull-requests: read
+security-events: read
+statuses: read`
+	err := yaml.Unmarshal([]byte(yamlContent), &rawPerms)
+	require.NoError(t, err)
+
+	result := parseRawPermissionsExplicit(&rawPerms)
+	require.NotNil(t, result)
+
+	// No asserts for permissions set on purpose
+}
+
 func TestParseRawPermissions_WriteAll(t *testing.T) {
 	var rawPerms yaml.Node
 	err := yaml.Unmarshal([]byte(`write-all`), &rawPerms)