Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add reference to GitHub action settings #361

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Conversation

penx
Copy link

@penx penx commented Feb 1, 2023

Closes #359

Checklist

Note that this action requires a GitHub token with additional permissions. You must either:

1. Use the [`permissions`](https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#permissions) tag to specify the required rules and under "Settings > Actions > General" check "Allow GitHub Actions to create and approve pull requests".
2. Use a custom token [GitHub account](https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/) with these permissions configured.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

am I mistaken or this is not the setting you were referring to though?

Copy link
Author

@penx penx Feb 1, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My understanding of the instruction before this change was that you had to either

  1. Use the permissions tag in the workflow yaml to specify the required rules

or

  1. Use a custom token GitHub account with these permissions configured.

I extracted these to the list items above and then added

and under "Settings > Actions > General" check "Allow GitHub Actions to create and approve pull requests".

to option 1.

This is the setting I referred to in #359

@simoneb
Copy link
Collaborator

simoneb commented Apr 18, 2023

@penx thanks and apologies for being slow at getting back to this. In principle I'm not against this change, but I'd like to understand better how GitHub behaves in this regard, so I'd really appreciate if you could check and clarify this, as it's not clear from the docs.

There are two things at play here: the permissions in the workflow yaml and the repository setting Preventing GitHub Actions from creating or approving pull requests.

I would like to understand how they interact with each other before we make this change. Here are my questions and doubts:

  • This setting is in the "Workflow permissions" section of the repository configuration. Because there's another setting in that same section and because that setting can be overwritten by using permissions in the workflow yaml, are we sure that those same permissions aren't also overriding the setting Preventing GitHub Actions from creating or approving pull requests?
  • Assuming that answer to the above is no, if we check this setting's checkbox, do we still need the permissions in the workflow yaml?

In other words, I'd like to understand if both permissions and checking this setting are needed, or only one of them. The same applies to using a custom token instead of the built-in GITHUB_TOKEN. If you use a custom token, does the new setting need to be checked or does the custom token override that?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Docs: Add instructions for required Actions settings
2 participants