fix permissions issue on workflow (#567)
* Add PR review automation workflow and script closes #559 * Improve PR review automation with better error handling and permissions * Update PR review automation to use pull_request_target event for improved security
This commit is contained in:
Juan Diaz
5
.github/workflows/pr-review-automation.yml
vendored
5
.github/workflows/pr-review-automation.yml
vendored
@@ -1,7 +1,7 @@
|
||||
name: PR Review Automation
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
pull_request_target:
|
||||
paths:
|
||||
- README.md
|
||||
- db/**
|
||||
@@ -10,13 +10,14 @@ on:
|
||||
jobs:
|
||||
pr-review-automation:
|
||||
runs-on: ubuntu-latest
|
||||
# Add permissions for the GITHUB_TOKEN to comment on PRs
|
||||
permissions:
|
||||
contents: read
|
||||
pull-requests: write
|
||||
issues: write
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
ref: ${{ github.event.pull_request.base.ref }}
|
||||
|
||||
- name: Setup Node
|
||||
uses: actions/setup-node@v4
|
||||
|
||||
Reference in New Issue
Block a user