fix permissions issue on workflow (#567)
* Add PR review automation workflow and script closes #559 * Improve PR review automation with better error handling and permissions * Update PR review automation to use pull_request_target event for improved security
This commit is contained in:
Juan Diaz
5
.github/workflows/pr-review-automation.yml
vendored
5
.github/workflows/pr-review-automation.yml
vendored
@@ -1,7 +1,7 @@
|
|||||||
name: PR Review Automation
|
name: PR Review Automation
|
||||||
|
|
||||||
on:
|
on:
|
||||||
pull_request:
|
pull_request_target:
|
||||||
paths:
|
paths:
|
||||||
- README.md
|
- README.md
|
||||||
- db/**
|
- db/**
|
||||||
@@ -10,13 +10,14 @@ on:
|
|||||||
jobs:
|
jobs:
|
||||||
pr-review-automation:
|
pr-review-automation:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
# Add permissions for the GITHUB_TOKEN to comment on PRs
|
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
pull-requests: write
|
pull-requests: write
|
||||||
issues: write
|
issues: write
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
ref: ${{ github.event.pull_request.base.ref }}
|
||||||
|
|
||||||
- name: Setup Node
|
- name: Setup Node
|
||||||
uses: actions/setup-node@v4
|
uses: actions/setup-node@v4
|
||||||
|
|||||||
Reference in New Issue
Block a user