From 6d47681a81dde788786f6b4c840fd75cd69cfe29 Mon Sep 17 00:00:00 2001
From: tombui99
Date: Mon, 11 Dec 2023 13:41:31 +1100
Subject: [PATCH] Updated best practice to use github token and grant permission to create issues
---
 .github/workflows/test.yml | 4 +++-
 README.md | 9 ++++++---
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index ee6a777..451619f 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -6,13 +6,15 @@ on:
 jobs:
 build:
 runs-on: ubuntu-latest
+ permissions:
+ issues: write
 steps:
 - uses: actions/checkout@v3
 - name: CodeAuditor Workflow
 uses: SSWConsulting/codeauditor-scan-site@1.0.0
 with:
 # Your CodeAuditor token
- token: ${{ vars.CODEAUDITORTOKEN }}
+ token: ${{ secrets.CODEAUDITORTOKEN }}
 # Your Scan URL
 url: ${{ vars.SCANURL }}
 # Your GitHub Token
diff --git a/README.md b/README.md
index 7e40af1..2f96af4 100644
--- a/README.md
+++ b/README.md
@@ -36,7 +36,8 @@ This workflow action runs CodeAuditor scan on your website and creates new GitHu
 | name | required | type | description |
 | ------------ | --- | ------ | ----------- |
-| GitHub_Token | yes | string | Your GitHub personal access token used to fetch data. Pass a secret by for instance using `${{ secrets.GH_TOKEN }}`. [Go here](https://github.com/settings/tokens/new?scopes=read:user) to generate one
+| GitHub_Token | yes | string | Your repo default GitHub token i.e. using `${{ github.token }}`
+| | | | Make sure you grant the token permission to create issue
 | token | yes | string | Your personal CodeAuditor token that can be found on CodeAuditor's How It Works page
 | url | yes | string | The url used on your CodeAuditor scan
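Review bot: The new job-level `permissions:` block in `.github/workflows/test.yml` lists only `issues: write`, and once any scope is listed GitHub sets every unlisted scope of `GITHUB_TOKEN` to `none`, so the `actions/checkout@v3` step two lines below loses `contents: read` and will fail to clone at least on a private repository. Declare the read scope explicitly so least privilege does not break the build: `permissions:` / `  contents: read` / `  issues: write`. Moving `CODEAUDITORTOKEN` from `vars` to `secrets` is the right direction, but that secret and the issue-writing token are now handed to the third-party action `SSWConsulting/codeauditor-scan-site@1.0.0`, which is pinned to a mutable tag; pinning it to a full commit SHA (with the tag in a trailing comment) is the usual hardening for actions that receive credentials. The `on:` trigger block and the `GitHub_Token:` input line sit outside this hunk, so whether the workflow runs on untrusted `pull_request_target` events and which token it passes could not be checked here.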
@@ -60,15 +61,17 @@ name: Test CodeAuditor Workflow
 jobs:
 build:
 runs-on: ubuntu-latest
+ permissions:
+ issues: write
 steps:
 - uses: actions/checkout@v3
 - name: CodeAuditor Feedback Loop Workflow
 uses: tombui99/codeauditor-github-workflow@v1.0.0
 with:
 # Your CodeAuditor token
- token: ${{ vars.CODEAUDITORTOKEN }}
+ token: ${{ secrets.CODEAUDITORTOKEN }}
 # Your Scan URL
 url: ${{ vars.SCANURL }}
 # Your GitHub Token
- GitHub_Token: ${{secrets.GH_TOKEN}}
+ GitHub_Token: ${{ github.token }}
 ```