Hi! I initially abandoned setting this up after running into the Resource not accessible by integration issue, as the suggested pull_request_target seemed not very good. However, working with another action showed me that you can set permissions with something like
permissions:
# Required to checkout the code
contents: write
checks: write
# Required to put a comment into the pull-request
pull-requests: write
I think this is a preferred option (at least for uses cases where the PRs are all from internal branches.) compared to what is currently shown as an option to fix this issue.
Additional context
Additionally the check seemed to work just fine with contents: read & pull-requests: write aside from the failing API calls (tests were ran, coverage comment was made) and these permissions line up with other similar actions (https://github.com/marketplace/actions/vitest-coverage-report) Is there a reason why this action requires additional permissions? Maybe we could document them in the same spot.
Describe
Hi! I initially abandoned setting this up after running into the
Resource not accessible by integrationissue, as the suggestedpull_request_targetseemed not very good. However, working with another action showed me that you can set permissions with something likeI think this is a preferred option (at least for uses cases where the PRs are all from internal branches.) compared to what is currently shown as an option to fix this issue.
Additional context
Additionally the check seemed to work just fine with
contents: read & pull-requests: writeaside from the failing API calls (tests were ran, coverage comment was made) and these permissions line up with other similar actions (https://github.com/marketplace/actions/vitest-coverage-report) Is there a reason why this action requires additional permissions? Maybe we could document them in the same spot.Thanks!