fix: github pat in documentation examples (#423)

* fix: github pat in documentation examples Signed-off-by: David Calvert <david@0xdc.me> * docs: 📝 (#422) add missing GITHUB_TOKEN permissions * fix: (#422) add missing job permissions out of convenience reasons --------- Signed-off-by: David Calvert <david@0xdc.me> Co-authored-by: andy Augustin <AndreasAugustin@users.noreply.github.com> Co-authored-by: Andy Augustin <dev@andreas-augustin.org>
AndreasAugustin · Dec 30, 2023 · aea6128 · aea6128
1 parent ba2b26d
commit aea6128
Show file tree

Hide file tree

Showing 8 changed files with 57 additions and 16 deletions.
diff --git a/.github/workflows/actions_template_sync.yml b/.github/workflows/actions_template_sync.yml
@@ -10,6 +10,9 @@ on:
 jobs:
  repo-sync:
  runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
 
  steps:
  # To use this repository's private action, you must check out the repository

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -13,6 +13,9 @@ jobs:
  call_test_all:
  uses: ./.github/workflows/test_all.yml
  secrets: inherit
+ permissions:
+ contents: write
+ pull-requests: write
  call_release_please:
  needs:
  - call_shellcheck

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -11,7 +11,9 @@ on:
 jobs:
  test-implementation-job:
  runs-on: ubuntu-latest
-
+ permissions:
+ contents: write
+ pull-requests: write
  steps:
  # To use this repository's private action, you must check out the repository
  - name: Checkout

diff --git a/.github/workflows/test_all.yml b/.github/workflows/test_all.yml
@@ -12,12 +12,24 @@ jobs:
  call_test_hooks:
  uses: ./.github/workflows/test_hooks.yml
  secrets: inherit
+ permissions:
+ contents: write
+ pull-requests: write
  call_test_ssh_gitlab:
  uses: ./.github/workflows/test_ssh_gitlab.yml
  secrets: inherit
+ permissions:
+ contents: write
+ pull-requests: write
  call_test_ssh:
  uses: ./.github/workflows/test_ssh.yml
  secrets: inherit
+ permissions:
+ contents: write
+ pull-requests: write
  call_test:
  uses: ./.github/workflows/test.yml
  secrets: inherit
+ permissions:
+ contents: write
+ pull-requests: write
diff --git a/.github/workflows/test_hooks.yml b/.github/workflows/test_hooks.yml
@@ -11,7 +11,9 @@ on:
 jobs:
  test-implementation-job:
  runs-on: ubuntu-latest
-
+ permissions:
+ contents: write
+ pull-requests: write
  steps:
  # To use this repository's private action, you must check out the repository
  - name: Checkout

diff --git a/.github/workflows/test_ssh.yml b/.github/workflows/test_ssh.yml
@@ -11,7 +11,9 @@ on:
 jobs:
  test-implementation-job:
  runs-on: ubuntu-latest
-
+ permissions:
+ contents: write
+ pull-requests: write
  steps:
  # To use this repository's private action, you must check out the repository
  - name: Checkout

diff --git a/.github/workflows/test_ssh_gitlab.yml b/.github/workflows/test_ssh_gitlab.yml
@@ -11,7 +11,9 @@ on:
 jobs:
  test-implementation-job:
  runs-on: ubuntu-latest
-
+ permissions:
+ contents: write
+ pull-requests: write
  steps:
  # To use this repository's private action, you must check out the repository
  - name: Checkout

diff --git a/README.md b/README.md
@@ -79,13 +79,20 @@ on:
 jobs:
  repo-sync:
  runs-on: ubuntu-latest
+ # https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+ permissions:
+ contents: write
+ pull-requests: write
 
  steps:
  # To use this repository's private action, you must check out the repository
  - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+
  - name: actions-template-sync
- uses: AndreasAugustin/actions-template-sync@v1.1.3
+ uses: AndreasAugustin/actions-template-sync@v1.1.8
  with:
  github_token: ${{ secrets.GITHUB_TOKEN }}
  source_repo_path: <owner/repo>
@@ -117,12 +124,14 @@ jobs:
  with:
  app_id: ${{ secrets.APP_ID }}
  private_key: ${{ secrets.PRIVATE_KEY }}
+
  - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
  with:
  token: ${{ steps.generate_token.outputs.token }}
+
  - name: actions-template-sync
- uses: AndreasAugustin/actions-template-sync@v1.1.3
+ uses: AndreasAugustin/actions-template-sync@v1.1.8
  with:
  github_token: ${{ steps.generate_token.outputs.token }}
  source_repo_path: <owner/repo>
@@ -144,13 +153,20 @@ It is also possible to use a different git provider, e.g. GitLab.
 jobs:
  repo-sync:
  runs-on: ubuntu-latest
+ # https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+ permissions:
+ contents: write
+ pull-requests: write
 
  steps:
  # To use this repository's private action, you must check out the repository
  - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+
  - name: actions-template-sync
- uses: AndreasAugustin/actions-template-sync@v1.1.3
+ uses: AndreasAugustin/actions-template-sync@v1.1.8
  with:
  github_token: ${{ secrets.GITHUB_TOKEN }}
  source_repo_path: ${{ secrets.SOURCE_REPO_PATH }} # <owner/repo>, should be within secrets
@@ -197,14 +213,13 @@ jobs:
 
  steps:
  # To use this repository's private action, you must check out the repository
- -
- name: Checkout
- uses: actions/checkout@v3
+ - name: Checkout
+ uses: actions/checkout@v4
  with:
  token: ${{ secrets.CUSTOM_GITHUB_PAT }}
- -
-   name: Test action step PAT
- uses: AndreasAugustin/actions-template-sync@v1.1.0
+
+ - name: Test action step PAT
+ uses: AndreasAugustin/actions-template-sync@v1.1.8
  with:
  github_token: ${{ secrets.CUSTOM_GITHUB_PAT }}
  source_repo_path: ${{ secrets.SOURCE_REPO_PATH }} # <owner/repo>, should be within secrets