I just did some thorough tests and I found it's not repo_deployment; it's public_repo. A token with just public_repo can do Granting "repo" grants both.
$ curl -X POST -v -H 'Authorization: token f19221032b2d42cb876161ec4545720229d8e3e3' -H 'Content-Type: application/json' https://api.github.com/repos/shimming-toolbox/shimming-toolbox.org/pages/builds
* Trying 140.82.112.6:443...
* TCP_NODELAY set
* Connected to api.github.com (140.82.112.6) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=*.github.com
* start date: Jul 8 00:00:00 2019 GMT
* expire date: Jul 16 12:00:00 2020 GMT
* subjectAltName: host "api.github.com" matched cert's "*.github.com"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
* SSL certificate verify ok.
> POST /repos/shimming-toolbox/shimming-toolbox.org/pages/builds HTTP/1.1
> Host: api.github.com
> User-Agent: curl/7.66.0
> Accept: */*
> Authorization: token f19221032b2d42cb876161ec4545720229d8e3e3
> Content-Type: application/json
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 201 Created
< Server: GitHub.com
< Date: Wed, 17 Jun 2020 01:10:55 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 103
< Status: 201 Created
< X-RateLimit-Limit: 5000
< X-RateLimit-Remaining: 4979
< X-RateLimit-Reset: 1592358878
< Cache-Control: private, max-age=60, s-maxage=60
< Vary: Accept, Authorization, Cookie, X-GitHub-OTP
< ETag: "181774e69295ed84245edd3ba1c451c7"
< X-OAuth-Scopes: public_repo
< X-Accepted-OAuth-Scopes:
< Location: https://api.github.com/repositories/253874659/pages/builds/latest
< X-GitHub-Media-Type: github.v3; format=json
< Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset
< Access-Control-Allow-Origin: *
< Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
< X-Frame-Options: deny
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
< Content-Security-Policy: default-src 'none'
< Vary: Accept-Encoding, Accept, X-Requested-With
< X-GitHub-Request-Id: 643D:2881:B45E5B:139041E:5EE96D9F
<
{
"status": "queued",
"url": "https://api.github.com/repositories/253874659/pages/builds/latest"
}
$ curl -X POST -v -H 'Authorization: token 4417a2f8e86b89cb8ede6cac7cba3ac982640ab7' -H 'Content-Type: application/json' https://api.github.com/repos/shimming-toolbox/shimming-toolbox.org/pages/builds
* Trying 140.82.112.6:443...
* TCP_NODELAY set
* Connected to api.github.com (140.82.112.6) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=*.github.com
* start date: Jul 8 00:00:00 2019 GMT
* expire date: Jul 16 12:00:00 2020 GMT
* subjectAltName: host "api.github.com" matched cert's "*.github.com"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
* SSL certificate verify ok.
> POST /repos/shimming-toolbox/shimming-toolbox.org/pages/builds HTTP/1.1
> Host: api.github.com
> User-Agent: curl/7.66.0
> Accept: */*
> Authorization: token 4417a2f8e86b89cb8ede6cac7cba3ac982640ab7
> Content-Type: application/json
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
< Server: GitHub.com
< Date: Wed, 17 Jun 2020 01:14:12 GMT
< Content-Type: application/json; charset=utf-8
< Content-Length: 121
< Status: 404 Not Found
< X-RateLimit-Limit: 5000
< X-RateLimit-Remaining: 4978
< X-RateLimit-Reset: 1592358878
< X-OAuth-Scopes: repo_deployment
< X-Accepted-OAuth-Scopes:
< X-GitHub-Media-Type: github.v3; format=json
< Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, Deprecation, Sunset
< Access-Control-Allow-Origin: *
< Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
< X-Frame-Options: deny
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
< Content-Security-Policy: default-src 'none'
< Vary: Accept-Encoding, Accept, X-Requested-With
< X-GitHub-Request-Id: 53D9:0651:9E09AD:11C67EC:5EE96E64
<
{
"message": "Not Found",
"documentation_url": "https://developer.github.com/v3/repos/pages/#request-a-page-build"
}