action-dependabot-auto-merge
action-dependabot-auto-merge copied to clipboard
Github Token with Permissions
Is it possible to use the github provided token (instead of a PAT) with permissions (for a privately hosted repository using pull_request_target)? If so, what are the permissions that are required?
I would like to use this action to approve and merge dependabot PRs once the rest of my CI checks pass. Note that some of my CI checks are not actions.
What's the status of this issue ticket? It's a burden to generate a new token for each repo, because you can't look at the token value.
I tried
permissions:
contents: write
pull-requests: write
and
permissions: write-all
to no avail.
I'm now looking into creating a machine user instead, using which I'll create a custom PAT. Which sucks.
I migrated to https://github.com/fastify/github-action-merge-dependabot
auto-merge:
needs: ci_dev
permissions:
contents: write
pull-requests: write
runs-on: ubuntu-latest
steps:
- uses: fastify/[email protected]
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
target: minor