Skip to content

Updates to README for permissions clarification#697

Merged
truggeri merged 4 commits intomainfrom
truggeri/readme-pat-cleanup
Apr 10, 2026
Merged

Updates to README for permissions clarification#697
truggeri merged 4 commits intomainfrom
truggeri/readme-pat-cleanup

Conversation

@truggeri
Copy link
Copy Markdown
Contributor

@truggeri truggeri commented Apr 9, 2026
edited
Loading

Updates README to clarify permissions needed when crafting actions,

  • Clarifies secrets not accessible by Dependabot initiated workflows
  • Changes example workflows triggering to on: pull_request_target
  • Removes confusing language about PAT
  • Mention needing write permissions for auto-merge
  • Cleanup some minor space linting

@truggeri truggeri self-assigned this Apr 9, 2026
@truggeri truggeri marked this pull request as ready for review April 9, 2026 03:21
@truggeri truggeri requested a review from a team as a code owner April 9, 2026 03:21
@truggeri truggeri requested a review from Copilot April 9, 2026 13:42
Copilot AI reviewed Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the project README to more accurately describe GitHub Actions permission/secrets behavior for Dependabot-triggered workflows and to adjust example workflows accordingly.

Changes:

  • Adds documentation clarifying that Dependabot-triggered pull_request workflows run with read-only GITHUB_TOKEN and no secrets access, and that examples therefore use pull_request_target.
  • Updates example workflows to trigger on pull_request_target and clarifies auto-merge permission requirements.
  • Cleans up formatting in the “Release guide” section.
Show a summary per file
File Description
README.md Clarifies permissions/secrets behavior for Dependabot workflows; updates workflow examples and cleans up markdown formatting.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

  • Files reviewed: 1/1 changed files
  • Comments generated: 6

Comment thread README.md Outdated
Comment thread README.md Outdated
Comment thread README.md Outdated
Comment thread README.md Outdated
Comment thread README.md Outdated
Comment thread README.md Outdated
jakecoffman
jakecoffman approved these changes Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@jakecoffman jakecoffman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks correct. I have a working auto-merge workflow on an example repo and the implementation lines up pretty well: https://github.com/jakecoffman/auto-merge/blob/main/.github/workflows/auto-merge.yml

@truggeri truggeri merged commit c734054 into main Apr 10, 2026
9 checks passed
@truggeri truggeri deleted the truggeri/readme-pat-cleanup branch April 10, 2026 16:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jakecoffman jakecoffman jakecoffman approved these changes

Assignees

@truggeri truggeri

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Inaccurate functionality description

3 participants

@truggeri @jakecoffman