Open Siilwyn opened 1 year ago
You can also use GITHUB_TOKEN with these permissions:
permissions:
contents: read
pull-requests: write
deployments: write
@davidar oh that's possibly a lot better! No more generating tokens on a 'bot' GH account. Are there any downsides to this? I don't see it mentioned in the readme. Guess the GH PR comment author would be 'less nice'?
I haven't noticed any downsides, it just means the comments come from the "github-actions" bot
You can also use GITHUB_TOKEN with these permissions:
permissions: contents: read pull-requests: write deployments: write
is this a yaml config that we set somewhere or are you just noting the permissions needed when creating the fine grained token?
Edit: got it, hadn't seen this before: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
then you can just use the secret without having to generate anything https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
Thoughts on adding needed permissions to the readme?
After some trial and error it seems that the 'new' personal access tokens need the following permissions: