Suggestion: Use granular permission for writing contents #112

Open
felladrin opened this issue Apr 28, 2023 · 1 comment

felladrin commented Apr 28, 2023

When using granular permissions in the workflow file, we don't need to change Repository Settings >> Actions.

To make use of granular permissions, we need to add the following in the workflow job:

permissions:
    contents: write

So schedules.yml would become:

name: update awesome-stars
on:
  workflow_dispatch:
  schedule:
  - cron: 30 0 * * *
jobs:
  awesome-stars:
    name: update awesome-stars
    runs-on: ubuntu-latest
+   permissions:
+     contents: write
    steps:
    - uses: actions/checkout@v3
    - name: Set up Python
      uses: actions/setup-python@v4
      with:
        python-version: '3.10'
    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install starred
    - name: get repository name
      run: echo "REPOSITORY_NAME=${GITHUB_REPOSITORY#*/}" >> $GITHUB_ENV
    - name: update repo category by language
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        REPOSITORY: ${{ env.REPOSITORY_NAME }}
        USERNAME: ${{ github.repository_owner }}
      run: starred --username ${USERNAME} --repository ${REPOSITORY} --sort --token ${GITHUB_TOKEN} --message 'awesome-stars category by language update by github actions cron, created by starred'
    - name: update repo category by topic
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        REPOSITORY: ${{ env.REPOSITORY_NAME }}
        USERNAME: ${{ github.repository_owner }}
      run: starred --username ${USERNAME} --repository ${REPOSITORY} --sort --token ${GITHUB_TOKEN} --message 'awesome-stars category by topic update by github actions cron, created by starred' --topic --topic_limit 500 --filename topics.md
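Review bot: with `contents: write` granted to the whole `awesome-stars` job, the steps `uses: actions/checkout@v3` and `uses: actions/setup-python@v4` are referenced by mutable tag and `pip install starred` has no version, so the code that runs in a job holding a write-capable token can change without any edit to this file. Suggest pinning both actions to a commit SHA and pinning `starred` to a release. It is also worth a line in the README that a job-level `permissions:` block sets every scope not listed to none, which is why Repository Settings >> Actions can stay at its default.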

By adding these two lines, you'll be able to remove this step from the Readme:

starred/README.md

Lines 74 to 76 in 3e1e011

2. [Setting the permissions of the GITHUB_TOKEN for your repository](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository)
set permissions to `Read and write permissions` and click `Save` button


You can see it working here, while Repository Settings >> Actions remains with the default config:
image

till commented Oct 29, 2024

This is a bit of a bug by today's standards. The suggested token permissions work really well. No need for a private (personal) GitHub token or the workflow settings currently suggested.
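
A check for the point made in this thread, as an added example that is not part of the issue or of the starred project: it reports which jobs in a workflow declare no `permissions` and therefore depend on the repository-wide setting. It assumes block-style YAML and reads it line by line rather than with a full YAML parser; the function names and the `lint` job are hypothetical.

```python
import re

# Constructed sample: the issue's job (abridged) plus a hypothetical "lint" job
# that declares no permissions.
SAMPLE = """\
on:
  workflow_dispatch:
jobs:
  awesome-stars:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
    - uses: actions/checkout@v3
  lint:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
"""

KEY = re.compile(r"^( *)([A-Za-z0-9_-]+):\s*(.*)$")  # "key: value", not "- item"

def job_permissions(text):
    """Map job id -> effective permissions (job-level replaces workflow-level).
    None means neither is declared: scope comes from the repository setting."""
    top, jobs, path = None, {}, []  # path: (indent, key) of enclosing mappings
    for raw in text.splitlines():
        m = KEY.match(raw.split(" #")[0].rstrip())
        if not m:
            continue  # blank lines, comments, list items, script bodies
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        while path and path[-1][0] >= indent:
            path.pop()
        parents = [k for _, k in path]
        path.append((indent, key))
        if parents == ["jobs"]:
            jobs[key] = None  # new job, nothing declared yet
        elif key == "permissions" and not parents:
            top = value or {}  # inline form such as "read-all", or a block
        elif key == "permissions" and len(parents) == 2 and parents[0] == "jobs":
            jobs[parents[1]] = value or {}
        elif parents == ["permissions"] and isinstance(top, dict):
            top[key] = value
        elif parents[:1] == ["jobs"] and parents[2:] == ["permissions"] and isinstance(jobs[parents[1]], dict):
            jobs[parents[1]][key] = value
    return {name: top if p is None else p for name, p in jobs.items()}

# Jobs whose token scope is decided by Repository Settings >> Actions.
def jobs_using_repo_default(text):
    return [name for name, p in job_permissions(text).items() if p is None]
```

On the sample, `awesome-stars` resolves to `{'contents': 'write'}` and `lint` is the only job reported.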
