Document minimum permissions for GitHub Actions `GITHUB_TOKEN`

[ericcornelissen]

With GitHub Actions it's possible to configure the permissions of the GITHUB_TOKEN (both in repository settings and in workflow files). Depending on how it's configured, this plugin might not work. In particular, setting the token to only have read access (or lower) will probably result in the plugin failing to create a GitHub release. It would be convenient if the required permissions of the token are documented in the README (or elsewhere) so that users don't have to guess and try.

Based on prior experiences I had with creating GitHub releases in GitHub Actions with limited permissions, only the contents: write permission is required (see the GitHub Actions docs for a full overview of permissions).

If someone else already tried to configure the permissions and knows the minimum permissions this plugin needs, please share it 🙂 If not, I'm currently in the process of configuring the permissions of the GITHUB_TOKEN for a project that uses semantic releases, including this plugin. Once I managed to create a release successfully I can add a note about the permissions I used to the documentation of this plugin.

[gr2m]

contents: write is required to create the tags and releases.

issues:write and pulls:write are required for the comments and to create issues in cases a release failed.

A pull request to add this information to the README would be much appreciated

[github-actions]

🎉 This issue has been resolved in version 8.0.3 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀