Conversation
| Note that this action requires a GitHub token with additional permissions. You must either: | ||
|
|
||
| 1. Use the [`permissions`](https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#permissions) tag to specify the required rules and under "Settings > Actions > General" check "Allow GitHub Actions to create and approve pull requests". | ||
| 2. Use a custom token [GitHub account](https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/) with these permissions configured. |
There was a problem hiding this comment.
am I mistaken or this is not the setting you were referring to though?
There was a problem hiding this comment.
My understanding of the instruction before this change was that you had to either
- Use the
permissionstag in the workflow yaml to specify the required rules
or
- Use a custom token GitHub account with these permissions configured.
I extracted these to the list items above and then added
and under "Settings > Actions > General" check "Allow GitHub Actions to create and approve pull requests".
to option 1.
This is the setting I referred to in #359
|
@penx thanks and apologies for being slow at getting back to this. In principle I'm not against this change, but I'd like to understand better how GitHub behaves in this regard, so I'd really appreciate if you could check and clarify this, as it's not clear from the docs. There are two things at play here: the I would like to understand how they interact with each other before we make this change. Here are my questions and doubts:
In other words, I'd like to understand if both permissions and checking this setting are needed, or only one of them. The same applies to using a custom token instead of the built-in GITHUB_TOKEN. If you use a custom token, does the new setting need to be checked or does the custom token override that? |
2 participants
Closes #359
Checklist
npm run testandnpm run benchmarkand the Code of conduct