From 752eff1c9f377e5f6bb5be0de122e79b109f7489 Mon Sep 17 00:00:00 2001
From: Nogic <24802730+nogic1008@users.noreply.github.com>
Date: Sun, 5 May 2024 09:20:28 +0900
Subject: [PATCH] feat: add token permisson explicitly (#968)
* docs: add `pull-requests:write` permission on description
* docs: add permissions on example
* ci(gh-actions): add permissions
---
.github/workflows/nodejs.yml | 3 +++
.github/workflows/site-cat.yml | 5 ++++-
README-ja.md | 16 +++++++++++-----
README.md | 8 +++++++-
action.yml | 2 +-
5 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml
index 18da3351..2c9e4e08 100644
--- a/.github/workflows/nodejs.yml
+++ b/.github/workflows/nodejs.yml
@@ -83,6 +83,9 @@ jobs:
- windows-2022
- windows-2019
runs-on: ${{ matrix.os }}
+ permissions:
+ issues: write
+ pull-requests: write
steps:
- name: Checkout
uses: actions/checkout@v4.1.4
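Review bot: The `permissions:` block added before `steps:` lists only `issues` and `pull-requests`, and GitHub Actions sets every scope that a job-level block does not list to `none`, so this job's token no longer carries `contents: read` even though the next step is a checkout. On a public repository the checkout will probably still succeed, but the requirement should be explicit: add `contents: read` under `permissions:`. The remaining steps of the job are outside the hunk; if they install dependencies or run the test suite, that code now runs next to a token that can write to issues and pull requests. In that case it would be tighter to move the steps that post comments into a separate job and keep the build/test matrix read-only.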
diff --git a/.github/workflows/site-cat.yml b/.github/workflows/site-cat.yml
index 8bbcce47..e87eef07 100644
--- a/.github/workflows/site-cat.yml
+++ b/.github/workflows/site-cat.yml
@@ -8,8 +8,11 @@ jobs:
post:
runs-on: ubuntu-latest
if: (!contains(github.actor, '[bot]'))
+ permissions:
+ issues: write
+ pull-requests: write
steps:
- - uses: ddradar/lgtm-action@v1
+ - uses: ddradar/lgtm-action@v3.0.0
with:
image-url: ${{ vars.LGTM_IMAGE_URI }}
search-pattern: ${{ vars.LGTM_SEARCH_PATTERN }}
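Review bot: `ddradar/lgtm-action@v3.0.0` is referenced by a tag, which can be re-pointed, and the same hunk gives the job a token with `issues: write` and `pull-requests: write` that the action receives by default. Pinning the step to the release's full commit SHA keeps the code that handles that token fixed: `- uses: ddradar/lgtm-action@<full-commit-sha-of-v3.0.0> # v3.0.0`. The workflow's `on:` trigger is outside the hunk, so it is worth confirming which events can start this job now that it holds write scopes.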
diff --git a/README-ja.md b/README-ja.md
index 55b571e7..90ac4499 100644
--- a/README-ja.md
+++ b/README-ja.md
@@ -37,6 +37,9 @@ on:
jobs:
post:
runs-on: ubuntu-latest
+ permissions:
+ issues: write
+ pull-requests: write
steps:
- uses: ddradar/lgtm-action@v2.0.2
with:
@@ -60,6 +63,9 @@ jobs:
post:
runs-on: ubuntu-latest
if: (!contains(github.actor, '[bot]')) # botのコメントを除く
+ permissions:
+ issues: write
+ pull-requests: write
steps:
- uses: ddradar/choose-random-action@v1
id: act
@@ -75,11 +81,11 @@ jobs:
## Options
-| 名称 | 必須 | 説明 | デフォルト |
-| -------------- | :----: | :----------------------------------------------------------------------------------------------------------------- | --------------------- |
-| image-url | はい | 画像URL | - |
-| search-pattern | いいえ | このアクションが反応する正規表現パターンをセットします。
複数行検索(`RegExp.prototype.multiline`)を行います。 | `^(lgtm\|LGTM)$` |
-| token | いいえ | issue にコメントするために使用する、GitHub のアクセストークン。(`issues:write`権限が必要です) | `${{ github.token }}` |
+| 名称 | 必須 | 説明 | デフォルト |
+| -------------- | :----: | :------------------------------------------------------------------------------------------------------------------- | --------------------- |
+| image-url | はい | 画像URL | - |
+| search-pattern | いいえ | このアクションが反応する正規表現パターンをセットします。
複数行検索(`RegExp.prototype.multiline`)を行います。 | `^(lgtm\|LGTM)$` |
+| token | いいえ | issue にコメントするために使用する、GitHub のアクセストークン。(`issues:write`と`pull-requests:write`権限が必要です) | `${{ github.token }}` |
## Screenshots
diff --git a/README.md b/README.md
index 82f0f46f..442f83e7 100644
--- a/README.md
+++ b/README.md
@@ -37,6 +37,9 @@ on:
jobs:
post:
runs-on: ubuntu-latest
+ permissions:
+ issues: write
+ pull-requests: write
steps:
- uses: ddradar/lgtm-action@v2.0.2
with:
@@ -59,6 +62,9 @@ jobs:
post:
runs-on: ubuntu-latest
if: (!contains(github.actor, '[bot]')) # Exclude bot comment
+ permissions:
+ issues: write
+ pull-requests: write
steps:
- uses: ddradar/choose-random-action@v2
id: act
@@ -78,7 +84,7 @@ jobs:
| -------------- | :-------: | :------------------------------------------------------------------------------------------------------------ | --------------------- |
| image-url | Yes | Set your image URL | - |
| search-pattern | No | Set regexp pattern this action reacts.
This action uses Multi-line(`RegExp.prototype.multiline`) search. | `^(lgtm\|LGTM)$` |
-| token | No | GitHub Access Token to post issue comment. (requires `issues:write` permission) | `${{ github.token }}` |
+| token | No | GitHub Access Token to post issue comment. (requires `issues:write` and `pull-requests:write` permission) | `${{ github.token }}` |
## Screenshots
diff --git a/action.yml b/action.yml
index 0b0a60a8..7bb2af53 100644
--- a/action.yml
+++ b/action.yml
@@ -6,7 +6,7 @@ inputs:
description: >
GitHub Access Token to create issue comment.
In many cases, you do not need to prepare yourself. (provided by GitHub Actions)
- Token must have issues:write permission.
+ Token must have issues:write and pull-requests:write permission.
required: false
default: ${{ github.token }}
image-url: