fix: add issues: read permissions for pr-comments

[shenxianpeng]

closes #143

Summary by CodeRabbit

• Documentation

  • Updated setup instructions to clarify required permissions and configuration steps for PR comments functionality.

• Chores

  • Updated workflow configuration to align with permission requirements.

[coderabbitai]

Walkthrough

This PR updates the commit-check workflow configuration and documentation to include the issues: read permission required for PR comment functionality. It also normalizes the pull_request branches filter from a string to an array format in the workflow file.

Changes

Cohort / File(s)	Change Summary
Workflow Configuration .github/workflows/commit-check.yml	Normalizes pull_request branches filter to array format (['main']); adds issues: read permission to the commit-check job to support PR comments functionality.
Documentation Updates README.md	Adds issues: read permission to the usage example and expands the pr-comments explanation to clarify that this permission is required because pull requests use the GitHub Issues API.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

• Straightforward permission and documentation updates with clear rationale
• Both changes are aligned and address a specific permission requirement
• No logic changes or complex interactions to validate

Possibly related issues

• #143: Directly addresses the 403 "Resource not accessible by integration" error encountered when using pr-comments by documenting and adding the required issues: read permission to both workflow and README examples.

Suggested labels

documentation, skip-changelog

Poem

🐰 A permission small, yet mighty true,
Makes comments dance in PR's debut,
Issues API now has its say,
And docs light up the proper way! 🌟

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the main change: adding the issues: read permission for PR comments functionality.
Linked Issues check	✅ Passed	The PR addresses issue #143 by documenting and implementing the required issues: read permission for PR comment operations, resolving the 403 permission error.
Out of Scope Changes check	✅ Passed	All changes in the PR are directly related to fixing the permissions issue: workflow file updates and documentation changes align with the linked issue requirements.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/patch-1

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull Request Overview

This PR adds the issues: read permission to support the pr-comments feature, which requires access to the GitHub Issues API (since pull requests use the Issues API internally).

• Added issues: read permission to both the example workflow in README.md and the actual commit-check.yml workflow
• Enhanced documentation to clarify that using pr-comments requires both GITHUB_TOKEN and issues: read permission
• Updated branches syntax from string to array format for consistency with YAML best practices

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
README.md	Added issues: read permission to example workflow and updated pr-comments documentation to clarify permission requirements
.github/workflows/commit-check.yml	Added issues: read permission and standardized branches syntax to array format

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6e021a9 and 3059b33.

📒 Files selected for processing (2)

• .github/workflows/commit-check.yml (1 hunks)
• README.md (2 hunks)

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-09-11T18:28:14.075Z

Learnt from: shenxianpeng
Repo: commit-check/commit-check-action PR: 0
File: :0-0
Timestamp: 2025-09-11T18:28:14.075Z
Learning: Documentation-only PRs that update README files, badges, or examples do not require unit test generation.

Applied to files:

• README.md

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Upload results

🔇 Additional comments (3)

.github/workflows/commit-check.yml (1)

5-5: YAML syntax normalization: string to array format.

The branch filter has been normalized from a string ('main') to array syntax (['main']). Both are valid YAML, but the array format is more conventional for GitHub Actions. This change is non-functional.

README.md (2)

49-49: Documentation alignment: usage example updated.

The usage example now includes issues: read permission, matching the updated workflow file. This keeps documentation in sync with requirements.

---

127-129: Clear documentation of PR-comments permission requirements.

The pr-comments section now explicitly documents the two-part requirement (GITHUB_TOKEN + issues: read permission) and explains why the issue-scoped permission is needed. This is helpful for users and directly addresses the confusion highlighted in issue #143.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify that issues: read is sufficient for posting PR comments.

The PR adds issues: read permission to enable PR comment posting. However, the linked issue #143 indicates the reporter resolved the 403 error by adding issues: write, which suggests write access may be required to post comments.

Please verify that issues: read alone is sufficient to post PR comments, or confirm whether issues: write should be used instead.

---

🌐 Web query:

GitHub Actions permissions for posting pull request comments - issues read vs write requirements

💡 Result:

Short answer: to post (create/update/delete) a pull request comment from a GitHub Action you need the Issues write permission (or Pull requests write in some cases). Pull request comments are handled by the Issues API (every PR is also an issue), and the REST endpoints for creating/updating/deleting issue comments require write repository permission for "Issues" (or an equivalent "Pull requests: write" permission listed for some endpoints). Configure your GITHUB_TOKEN with e.g.

permissions:
issues: write

(or pull-requests: write) in the workflow if the token's default permissions do not allow it. See GitHub docs for the issue-comments endpoints and token permission control. [1][2][3]

Sources:
[1] REST API — Issue comments (create/update/delete) (GitHub Docs). (docs.github.com)
[2] REST API — Issues endpoints (permissions required: "Issues" repo permissions write / or "Pull requests" write for some actions). (docs.github.com)
[3] Controlling permissions for GITHUB_TOKEN in Actions (how to set issues: write / pull-requests: write). (docs.github.com)

Citations:

• 1: https://docs.github.com/en/enterprise-server%403.17/rest/issues/comments?utm_source=openai
• 2: https://docs.github.com/en/rest/issues/issues?utm_source=openai
• 3: https://docs.github.com/ko/actions/how-tos/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token?utm_source=openai

---

Change issues: read to issues: write to enable PR comment posting.

To post (create/update/delete) a pull request comment from a GitHub Action, you need the Issues write permission. Pull request comments are handled by the Issues API, and the REST endpoints for creating/updating/deleting issue comments require write repository permission for "Issues". The current configuration with issues: read will fail with a 403 error. Update line 13 to issues: write.

🤖 Prompt for AI Agents

.github/workflows/commit-check.yml around lines 11 to 14: the workflow currently
sets "issues: read" which prevents the action from creating/updating/deleting PR
comments; change the permission to "issues: write" on line 13 so the workflow
has write access to the Issues API and can post PR comments, keeping the rest of
the permissions unchanged.

[github-actions]

Commit-Check ✔️