Skip to content

Commit

Permalink
Add required permissisons to deploy previews (#691)
Browse files Browse the repository at this point in the history 
The actions should only be triggered when a label is set, and only selected users can set labels.

As per https://docs.github.com/en/rest/authentication/permissions-required-for-github-apps?apiVersion=2022-11-28#repository-permissions-for-pull-requests, `contents: write` should be required to push the content to the preview
branch, and `pull-requests: write` should be required for writing the comment.
  • Loading branch information
@gwarf
gwarf authored Jan 9, 2025
1 parent fd7e794 commit 8bcd6bf
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion .github/workflows/deploy_pr_preview.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,9 @@ on:
workflows: ["Build pull request preview"]
types: [completed]

permissions: read-all
permissions:
contents: write
pull-requests: write

jobs:
deploy_pr_preview:
Expand Down

1 comment on commit 8bcd6bf

@github-actions
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@check-spelling-bot Report

🔴 Please review

See the 📜action log or 📝 job summary for details.

❌ Errors Count
❌ no-files-to-check 1

See ❌ Event descriptions for more information.

Please sign in to comment.