Open jsoref opened 9 months ago
Thank you for the feedback. I have created https://github.com/GitHubSecurityLab/actions-permissions/pull/29 for unknown permissions.
As for Do surface the api call(s)
have tried https://github.com/GitHubSecurityLab/actions-permissions/blob/f62d32cd684392a758c627a58e0756b734bd54fd/monitor/README.md?plain=1#L46? It provides much more logging.
The current code is unhelpful for various reasons: https://github.com/GitHubSecurityLab/actions-permissions/blob/3dcbd6bb270cd62b67703a6c1aef904ace6a3bf3/monitor/index.js#L76-L77
It generates markdown with a workflow snippet like:
Minimal required permissions:
But if someone were to add this permission, it'd result in the workflow failing:
It doesn't use at least
::warning
or similar to call out the item https://github.com/jsoref/check-spelling/actions/runs/7331431111/job/19964051747#step:12:2The grammar in the readme is off: https://github.com/GitHubSecurityLab/actions-permissions/blob/8ecfc0d800e75e5774f8eebc81b3f48f214b8ca4/monitor/README.md?plain=1#L62
Expected results
# ...
in the generated workflow contentUser-Agent
, it should be possible to at least identify the objects being queried