Suggestion: Use granular permission for writing contents
Opened this issue · 0 comments
felladrin commented
When using granular permissions in the workflow file, we don't need to change Repository Settings >> Actions.
To make use of granular permissions, we need to add the following in the workflow job:
permissions:
  contents: write
So schedules.yml would become:
name: update awesome-stars
on:
workflow_dispatch:
schedule:
- cron: 30 0 * * *
jobs:
awesome-stars:
name: update awesome-stars
runs-on: ubuntu-latest
+ permissions:
+ contents: write
steps:
- uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install starred
- name: get repository name
run: echo "REPOSITORY_NAME=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV
- name: update repo category by language
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REPOSITORY: ${{ env.REPOSITORY_NAME }}
USERNAME: ${{ github.repository_owner }}
run: starred --username ${USERNAME} --repository ${REPOSITORY} --sort --token ${GITHUB_TOKEN} --message 'awesome-stars category by language update by github actions cron, created by starred'
- name: update repo category by topic
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REPOSITORY: ${{ env.REPOSITORY_NAME }}
USERNAME: ${{ github.repository_owner }}
run: starred --username ${USERNAME} --repository ${REPOSITORY} --sort --token ${GITHUB_TOKEN} --message 'awesome-stars category by topic update by github actions cron, created by starred' --topic --topic_limit 500 --filename topics.md
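Review bot: the `contents: write` grant added under `awesome-stars` applies to the whole job, and the `Install dependencies` step runs `pip install starred` with no version pin just before the two steps that hand `GITHUB_TOKEN` to `starred`. Consider pinning the `starred` version in that step so the code receiving the write-scoped token is fixed between scheduled runs. Declaring `permissions` at job level is otherwise a good fit: once the key is present, scopes that are not listed are set to none, so `contents: write` is the only grant the token carries.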
By adding these two lines, you'll be able to remove this step from the Readme:
Lines 74 to 76 in 3e1e011
You can see it working here, while Repository Settings >> Actions remains with the default config: