From 92d4fc69d8b9218539d1a930c56a619f1f5da09d Mon Sep 17 00:00:00 2001 From: Falk Puschner Date: Mon, 14 Jun 2021 16:05:16 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=93=9D=20Add=20requested=20permissions=20?= =?UTF-8?q?(#492)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * :memo: add requested permissions * :memo: add minor improvement * :memo: add required/recommended perimissions * :memo: fix typo Co-authored-by: Geoffrey Testelin * :memo: update recommended permissions * :memo: update required permissions * :memo: change permissions * :memo: update recommended permissions * :pencil2: remove typo Co-authored-by: Geoffrey Testelin Co-authored-by: Geoffrey Testelin --- README.md | 57 +++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 45 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 5909d38e2..5dd6e7f1c 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,27 @@ The default configuration will: - Close the stale issues and pull requests after 7 days of inactivity - If an update/comment occur on stale issues or pull requests, the stale label will be removed and the timer will restart +## Recommended permissions + +For the execution of this action, it must be able to fetch all issues and pull requests from your repository. +This can be achieved with the following [configuration in the action](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#permissions) if the permissions are restricted: + +```yaml +permissions: + issues: read + pull-requests: read +``` + +In addition, based on the provided configuration, the action could require more permission(s) (e.g.: add label, remove label, comment, close, etc.). +You can find more information about the required permissions under the corresponding options that you wish to use. +However, if don't want to bother, you can use these permissions: + +```yaml +permissions: + issues: write + pull-requests: write +``` + ## All options ### List of input options @@ -159,7 +180,8 @@ The message that will be added as a comment to the issues when the stale workflo You can skip the comment sending by omitting the option or by passing an empty string. -Default value: unset +Default value: unset +Required Permission: `issues: write` #### stale-pr-message @@ -167,47 +189,54 @@ The message that will be added as a comment to the pull requests when the stale You can skip the comment sending by omitting the option or by passing an empty string. -Default value: unset +Default value: unset +Required Permission: `pull-requests: write` #### close-issue-message The message that will be added as a comment to the issues when the stale workflow closes it automatically after being stale for too long. -Default value: unset +Default value: unset +Required Permission: `issues: write` #### close-pr-message The message that will be added as a comment to the pull requests when the stale workflow closes it automatically after being stale for too long. -Default value: unset +Default value: unset +Required Permission: `pull-requests: write` #### stale-issue-label The label that will be added to the issues when automatically marked as stale. If you wish to speedup the stale workflow for the issues, you can add this label manually to mark as stale. -Default value: `Stale` +Default value: `Stale` +Required Permission: `issues: write` #### close-issue-label The label that will be added to the issues when closed automatically. It will be automatically removed if the issues are no longer closed nor locked. -Default value: unset +Default value: unset +Required Permission: `issues: write` #### stale-pr-label The label that will be added to the pull requests when automatically marked as stale. If you wish to speedup the stale workflow for the pull requests, you can add this label manually to mark as stale. -Default value: `Stale` +Default value: `Stale` +Required Permission: `pull-requests: write` #### close-pr-label The label that will be added to the pull requests when closed automatically. It will be automatically removed if the pull requests are no longer closed nor locked. -Default value: unset +Default value: unset +Required Permission: `pull-requests: write` #### exempt-issue-labels @@ -298,13 +327,15 @@ Default value: `30` Automatically remove the stale label when the issues or the pull requests are updated (based on [GitHub issue](https://docs.github.com/en/rest/reference/issues) field `updated_at`). -Default value: `true` +Default value: `true` +Required Permission: `issues: write` and `pull-requests: write` #### remove-issue-stale-when-updated Override [remove-stale-when-updated](#remove-stale-when-updated) but only to automatically remove the stale label when the issues are updated (based on [GitHub issue](https://docs.github.com/en/rest/reference/issues) field `updated_at`). -Default value: unset +Default value: unset +Required Permission: `issues: write` #### remove-pr-stale-when-updated @@ -345,7 +376,8 @@ A comma delimited list of labels to remove when a stale issue or pull request re Warning: each label results in a unique API call which can drastically consume the limit of [operations-per-run](#operations-per-run). -Default value: unset +Default value: unset +Required Permission: `pull-requests: write` #### debug-only @@ -380,7 +412,8 @@ Default value: unset If set to `true`, the stale workflow will automatically delete the GitHub branches related to the pull requests automatically closed by the stale workflow. -Default value: `false` +Default value: `false` +Required Permission: `pull-requests: write` #### exempt-milestones