assign-one-project-github-action icon indicating copy to clipboard operation
assign-one-project-github-action copied to clipboard

Published 20 hours ago verified publisher icon srggrs

Include minimum permission needs in README.md

Open Bekreth opened this issue 3 years ago • 1 comments

Given that this project can use the GITHUB_TOKEN, I think the README should include the minimum necessary permissions for the actions to run successfully. Something like this

permissions:
  actions: none
  checks: none
  contents: none
  deployments: none
  issues: write
  packages: none
  pull-requests: write
  repository-projects: write
  security-events: none
  statuses: none

(assuming this is the correct minimum permissions filter for the operation of the action)

Bekreth avatar May 08 '21 12:05 Bekreth

Thought I'd chime in here. I was able to get away with an even more minimal permission. I'm adding PRs to a repo project board. Since the action uses the event data to know which PR it is, it doesn't need to make any requests for it (ie pull-requests: none). I assume this would be similar for issues.

My permissions were as follows (Omitting permissions will default most of them to none):

permissions:
  repository-projects: write

chadfawcett avatar Aug 11 '21 22:08 chadfawcett