Closed josecm closed 2 years ago
Sure thing,
The action needs to be able to do the following:
If you are planning on adding a PAT instead of the default GITHUB_TOKEN
then the following should work at least for public repositories (though I didn't try it recently). If it doesn't then I'm afraid you have to enable repo
If you want to limit the job permissions then I think the following is needed:
permissions:
issues: write
pull-requests: write
statuses: write
# everything else can be "none"
One side note: the action also supports GITHUB_READ_TOKEN
which is helpful if you want to depend on issues from different private repositories but don't want to give the action write access there.
I'd like to limit the permissions of the dependent issue job in the workflow?
Could you help me understand what are the minimum permissions required for checking for dependent pull-request? This includes pull-requests from branches internal to the repository as well as forks.