action-dependabot-auto-merge icon indicating copy to clipboard operation
action-dependabot-auto-merge copied to clipboard

Published 20 hours ago verified publisher icon ahmadnassri

Github Token with Permissions

Open CalebC-RW opened this issue 3 years ago • 3 comments

Is it possible to use the github provided token (instead of a PAT) with permissions (for a privately hosted repository using pull_request_target)? If so, what are the permissions that are required?

I would like to use this action to approve and merge dependabot PRs once the rest of my CI checks pass. Note that some of my CI checks are not actions.

CalebC-RW avatar Jun 30 '21 16:06 CalebC-RW

What's the status of this issue ticket? It's a burden to generate a new token for each repo, because you can't look at the token value.

MartinX3 avatar Jan 20 '22 02:01 MartinX3

I tried

permissions:
  contents: write
  pull-requests: write

and

permissions: write-all

to no avail.

I'm now looking into creating a machine user instead, using which I'll create a custom PAT. Which sucks.

lestephane avatar Jul 14 '22 16:07 lestephane

I migrated to https://github.com/fastify/github-action-merge-dependabot

auto-merge:
    needs: ci_dev
    permissions:
        contents: write
        pull-requests: write
    runs-on: ubuntu-latest
    steps:
        - uses: fastify/[email protected]
          with:
              github-token: ${{ secrets.GITHUB_TOKEN }}
              target: minor

MartinX3 avatar Jul 14 '22 16:07 MartinX3