Open chvmvd opened 1 year ago
It appears that the default permissions on GITHUB_TOKEN have been changed to read-only. By default, we cannot use this action until we change the settings of Workflow permissions to Read and write permissions. However, Read and write permissions are too much for this action. I think it should be for contents and pull-requests only. JamesIves/github-pages-deploy-action requires write permission for contents and marocchino/sticky-pull-request-comment requires write permission for pull-requests.
GITHUB_TOKEN
Workflow permissions
Read and write permissions
contents
pull-requests
This is my first contribution to OSS, so please let me know if I am wrong.
You can assign permissions to jobs:
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
It appears that the default permissions on
GITHUB_TOKEN
have been changed to read-only. By default, we cannot use this action until we change the settings ofWorkflow permissions
toRead and write permissions
. However,Read and write permissions
are too much for this action. I think it should be forcontents
andpull-requests
only. JamesIves/github-pages-deploy-action requires write permission forcontents
and marocchino/sticky-pull-request-comment requires write permission forpull-requests
.This is my first contribution to OSS, so please let me know if I am wrong.