Mention new permission requirements in usage docs

Starting February 2nd 2023, GitHub changed the default permissions of the GITHUB_TOKEN to be read-only in all new repositories.[1]

git-auto-commits needs `write`-permissions for the `contents`-key in order to work properly.
This commits updates the usage section, to mention the need for the permission requirements. The examples have also been updated to reflect that change.

[1]: https://github.blog/changelog/2023-02-02-github-actions-updating-the-default-github_token-permissions-to-read-only/
This commit is contained in:
Stefan Zweifel 2023-02-11 21:29:07 +01:00
parent ccd4d054a5
commit f0b35f0a73
No known key found for this signature in database

View File

@ -13,14 +13,42 @@ If you want to learn more how this Action works under the hood, check out [this
## Usage
Add the following step at the end of your job, after other steps that might add or change files.
Adding git-auto-commit to your Workflow only takes a couple lines of code.
1. Set the `contents`-permission of the default GITHUB_TOKEN to `true`. (Required to push new commits to the repository)
2. Add the following step at the end of your job, after other steps that might add or change files.
```yaml
- uses: stefanzweifel/git-auto-commit-action@v4
```
Note that the Action has to be used in a Job that runs on a UNIX system (e.g. `ubuntu-latest`).
If you don't use the default permission of the GITHUB_TOKEN, give the Job or Workflow at least the `contents: write` permission.
Your Workflow should look similar to this example.
```yaml
name: Format
on: push
jobs:
format-code:
runs-on: ubuntu-latest
permissions:
# Give the default GITHUB_TOKEN write permission to commit and push the
# updated CHANGELOG back to the repository.
contents: write
steps:
- uses: actions/checkout@v3
# Other steps that change files in the repository
# Commit all changed files back to the repository
- uses: stefanzweifel/git-auto-commit-action@v4
```
> **Note**
> The Action has to be used in a Job that runs on a UNIX system (e.g. `ubuntu-latest`).
The following is an extended example with all available options.
@ -111,8 +139,12 @@ jobs:
php-cs-fixer:
runs-on: ubuntu-latest
permissions:
# Give the default GITHUB_TOKEN write permission to commit and push the changed files back to the repository.
contents: write
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
with:
ref: ${{ github.head_ref }}