fix(actions): add permissions (#1363)

ybiquitous · Sep 8, 2022 · cbb2b39 · cbb2b39
1 parent 5ab222b
commit cbb2b39
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 0 deletions.
diff --git a/.github/workflows/npm-audit-fix.yml b/.github/workflows/npm-audit-fix.yml
@@ -8,6 +8,9 @@ on:
 jobs:
   npm-audit-fix:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
     steps:
       - uses: actions/checkout@v3
       - uses: ybiquitous/npm-audit-fix-action@v4

diff --git a/.github/workflows/npm-diff.yml b/.github/workflows/npm-diff.yml
@@ -8,6 +8,9 @@ jobs:
   post-comment:
     if: ${{ contains(github.head_ref, 'dependabot/npm_and_yarn/') }}
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
     steps:
       - uses: actions/checkout@v3
       - uses: ybiquitous/npm-diff-action@v1
diff --git a/test/__snapshots__/init.test.js.snap b/test/__snapshots__/init.test.js.snap
@@ -166,6 +166,9 @@ on:
 jobs:
   npm-audit-fix:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
     steps:
       - uses: actions/checkout@v3
       - uses: ybiquitous/npm-audit-fix-action@v4
@@ -174,6 +177,26 @@ jobs:
 "
 `;
 
+exports[`write ".github/workflows/npm-diff.yml" 1`] = `
+"name: npm diff
+
+on:
+  pull_request:
+    types: [assigned]
+
+jobs:
+  post-comment:
+    if: \${{ contains(github.head_ref, 'dependabot/npm_and_yarn/') }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ybiquitous/npm-diff-action@v1
+"
+`;
+
 exports[`write ".github/workflows/release.yml" 1`] = `
 "name: Release
 

diff --git a/test/init.test.js b/test/init.test.js
@@ -54,6 +54,7 @@ test('update "package.json" without fields', () =>
   ".editorconfig",
   ".remarkignore",
   ".github/workflows/npm-audit-fix.yml",
+  ".github/workflows/npm-diff.yml",
   ".github/workflows/release.yml",
   ".github/workflows/test.yml",
   ".husky/commit-msg",