Update token permissions documentation 🗝️ #1162

	---

	name: Differential ShellCheck
	on:
	push:
	pull_request:
	branches: [ main ]

	permissions:
	contents: read

	jobs:
	lint:
	name: Test latest changes
	runs-on: ubuntu-latest

	permissions:
	security-events: write

	steps:
	# Let's have this log of GitHub context for further development and debugging
	- name: Dump GitHub context
	env:
	GITHUB_CONTEXT: ${{ toJson(github) }}
	run: echo "$GITHUB_CONTEXT"

	- name: Repository checkout
	uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
	with:
	fetch-depth: 0

	# Replace docker://ghcr.io/redhat-plumbers-in-action/differential-shellcheck:vX.Y.Z with Dockerfile
	- name: Edit an action.yml file to test current changes
	run: \|
	sed -i "s/docker:\/\/ghcr\.io\/redhat-plumbers-in-action\/differential-shellcheck.*/Dockerfile/g" action.yml

	- name: Differential ShellCheck - test current changes
	id: ShellCheck
	uses: ./
	with:
	exclude-path: \|
	test/**
	src/**.{zsh,osh}
	display-engine: sarif-fmt
	token: ${{ secrets.GITHUB_TOKEN }}

	- if: always()
	name: Upload artifact with defects in SARIF format
	uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
	with:
	name: Differential ShellCheck SARIF
	path: ${{ steps.ShellCheck.outputs.sarif }}
	retention-days: 7

	- if: always()
	name: Upload artifact with defects in XHTML format
	uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
	with:
	name: Differential ShellCheck HTML
	path: ${{ steps.ShellCheck.outputs.html }}
	retention-days: 7

Provide feedback