z0al/dependent-issues

Workflow minimum permissions

josecm opened this issue · 1 comments

I'd like to limit the permissions of the dependent issue job in the workflow.

Could you help me understand what the minimum permissions required for checking for dependent pull-requests are? This includes pull-requests from branches internal to the repository as well as forks.

z0al commented

Sure thing,

The action needs to be able to do the following:

  • Read issues & Pull requests (including comments)
  • Add/Remove labels
  • Add/Remove issue comments
  • Update commit status

If you are planning on adding a PAT instead of the default GITHUB_TOKEN, then the following should work at least for public repositories (though I didn't try it recently). If it doesn't, then I'm afraid you have to enable repo.

[image]

If you want to limit the job permissions then I think the following is needed:

permissions:
  issues: write
  pull-requests: write
  statuses: write
  # everything else can be "none"

One side note: the action also supports GITHUB_READ_TOKEN, which is helpful if you want to depend on issues from different private repositories but don't want to give the action write access there.
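A complete workflow that applies the least-privilege layout described in the comment above, added here as an example rather than taken from the issue thread or the project's own documentation. The trigger list, the `@v1` version tag, the env variable names and the read-token secret name are assumptions about how the action is wired up; the three permission scopes are the ones named above.

```yaml
name: Dependent Issues

on:
  issues:
    types: [opened, edited, closed, reopened]
  # pull_request_target runs in the base repository's context, so the token
  # keeps its write scopes even for PRs opened from forks (assumed trigger).
  pull_request_target:
    types: [opened, edited, closed, reopened, synchronize]
  schedule:
    - cron: '0 0 * * *'

# Workflow level: drop every default permission; each job opts in explicitly.
permissions: {}

jobs:
  check:
    runs-on: ubuntu-latest
    # Job level: only the scopes the action needs. Anything not listed here
    # (contents, packages, id-token, ...) resolves to "none".
    permissions:
      issues: write         # read issues/comments, add/remove labels and comments
      pull-requests: write  # the same for pull requests
      statuses: write       # update the commit status
    steps:
      - uses: z0al/dependent-issues@v1   # version tag assumed
        env:
          # Default token, scoped down by the permissions block above.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Optional read-only PAT for dependencies living in other private
          # repositories (secret name assumed); the default token has no
          # access there and never needs write rights on them.
          GITHUB_READ_TOKEN: ${{ secrets.DEPENDENT_ISSUES_READ_TOKEN }}
```

Because the job runs on `pull_request_target`, it deliberately contains no checkout step: checking out or executing code from the PR head under that trigger would expose the write-scoped token to the fork's changes.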