Document GitHub API permissions (#812)

xalvarez · Jan 2, 2024 · ce7341e · ce7341e
1 parent 1150881
commit ce7341e
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -4,6 +4,9 @@ on:
     branches:
       - main
 
+permissions:
+  pull-requests: read
+
 jobs:
   build:
     runs-on: ubuntu-latest

diff --git a/README.md b/README.md
@@ -23,6 +23,16 @@ In the example above, files with `.example` extension won't be allowed to be cha
 
 **Note**: This Action supports pull request events only.
 
+## GITHUB_TOKEN permissions
+
+The required GITHUB_TOKEN permissions are: `pull-requests: read`. Therefore, you may configure your workflow or job's
+permissions as follows:
+
+```
+permissions:
+  pull-requests: read
+```
+
 ## Development
 
 To work on this Action you first need to install npm dependencies: