stefanzweifel / git-auto-commit-action

Automatically commit and push changed files back to GitHub with this GitHub Action for the 80% use case.
MIT License

Document minimum set of permissions required by this action #179

Closed ericcornelissen closed 2 years ago

ericcornelissen commented 2 years ago

If permissions: read-all (or something similar, ref) is set at the top level of a workflow, this action won't work. It would be helpful if the documentation included a description of the minimum set of permissions required by this action. From my testing, it seems the minimum required permission is content: write (ref). So, a full example would be:

name: php-cs-fixer

on:
  pull_request:
  push:
    branches:
      - "main"

permissions: read-all

jobs:
  example:
    runs-on: ubuntu-latest

    permissions:
      contents: write

    steps:
    - uses: actions/checkout@v2
      with:
        ref: ${{ github.head_ref }}

    - name: Run php-cs-fixer
      uses: docker://oskarstark/php-cs-fixer-ga

    - uses: stefanzweifel/git-auto-commit-action@v4
      with:
        commit_message: Apply php-cs-fixer changes

I can draft a paragraph on this topic and add it with a Pull Request, but I'm not sure where in the README it should go.

stefanzweifel commented 2 years ago

Thanks for reporting! (TIL that there is a permissions option.)

Maybe we can add this near this line?

Note that the Action has to be used in a Job that runs on a UNIX system (eg. ubuntu-latest).

Maybe something along the lines of:

If you modify the default permission of the GITHUB_TOKEN, give the workflow or job at least the contents: write permission.

Feel free to submit a PR for this.

ericcornelissen commented 2 years ago

Not a problem - I also just learned about it over the weekend. I'll open a PR in a bit going off of your suggestions :slightly_smiling_face:
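
The failure mode discussed in this thread can be caught before a workflow is merged. The following is an added example, not code from the thread or from the action: it resolves the effective `contents` permission for every job that uses the action, relying on two GITHUB_TOKEN rules (a job-level `permissions` block replaces the workflow-level one, and scopes left out of a `permissions` mapping get no access). The names `audit` and `contents_access` and both sample workflows are constructed for illustration.

```ruby
require 'yaml'

ACTION = 'stefanzweifel/git-auto-commit-action'

# Access level that a `permissions:` value grants for the `contents` scope.
# nil means no permissions key was set, so the repository default applies.
def contents_access(perms)
  case perms
  when nil         then nil
  when 'write-all' then 'write'
  when 'read-all'  then 'read'
  when Hash        then perms.fetch('contents', 'none').to_s # unlisted scopes get no access
  else 'none'
  end
end

# Returns { job_name => :ok | :missing_contents_write | :repo_default }
# for every job that runs the auto-commit action.
def audit(workflow_yaml)
  wf = YAML.safe_load(workflow_yaml)
  (wf['jobs'] || {}).each_with_object({}) do |(name, job), report|
    steps = job['steps'] || []
    next unless steps.any? { |s| s['uses'].to_s.start_with?("#{ACTION}@") }

    # A job-level permissions block replaces the workflow-level one.
    access = contents_access(job.fetch('permissions', wf['permissions']))
    report[name] = case access
                   when nil     then :repo_default
                   when 'write' then :ok
                   else :missing_contents_write
                   end
  end
end

# Constructed sample: the failing layout from the issue (top-level read-all only).
BROKEN = <<~WORKFLOW
  on: push
  permissions: read-all
  jobs:
    example:
      runs-on: ubuntu-latest
      steps:
        - uses: actions/checkout@v2
        - uses: stefanzweifel/git-auto-commit-action@v4
WORKFLOW

# Constructed sample: the same workflow with the job-level grant added.
FIXED = BROKEN.sub("    runs-on:", "    permissions:\n      contents: write\n    runs-on:")

puts audit(BROKEN).inspect
puts audit(FIXED).inspect
```

A `:repo_default` result means the workflow sets no `permissions` key at all, so whether the push succeeds depends on the repository's or organization's default token setting.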