Open Bekreth opened 3 years ago
Thought I'd chime in here. I was able to get away with an even more minimal permission. I'm adding PRs to a repo project board. Since the action uses the event data to know which PR it is, it doesn't need to make any requests for it (ie pull-requests: none
). I assume this would be similar for issues.
My permissions were as follows (Omitting permissions will default most of them to none
):
permissions:
repository-projects: write
Given that this project can use the
GITHUB_TOKEN
, I think the README should include the minimum necessary permissions for the actions to run successfully. Something like this(assuming this is the correct minimum permissions filter for the operation of the action)