😅 PR Welcome

Thanks for your contribution. But I maybe refuse.

How to use?

name: PR Welcome

on:
  pull_request_target:
    types: [opened, edited, reopened]

jobs:
  welcome:
    runs-on: ubuntu-latest
    steps:
      - uses: actions-cool/pr-welcome@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          refuse-issue-label: 'xxx'
          need-creator-authority: 'write'
          comment: |
            HI ~

            你好~
          emoji: '+1, -1, heart'
          reviewers: 'user1, user2'
          review-creator: false
          close: true

Name	Desc	Type	Required
token	GitHub token	string	✖
refuse-issue-label	Only when the label included in the issue mentioned in the PR is triggered	string	✖
need-creator-authority	Filter the permissions of the creator. Option: `read` `write` `admin`	string	✖
comment	Comment content after filter	string	✖
emoji	Comment emoji	string	✖
pr-emoji	Add emoji to PR	string	✖
close	If close pr	boolean	✖
reviewers	Add reviewers to PR	string	✖
review-creator	If creator review. Default `true`	boolean	✖

Note

When has refuse-issue-label or need-creator-authority, it will start filter mode
Comment only once in a PR
Triger event only support pull_request and pull_request_target. When use pull_request, the Action will only show the CI status icon(Because of permissions). When use pull_request_target, must see
Can use v1 or v1.2.0

Changelog

CHANGELOG

Emoji List

content	emoji
`+1`	👍
`-1`	👎
`laugh`	😄
`confused`	😕
`heart`	❤️
`hooray`	🎉
`rocket`	🚀
`eyes`	👀

LICENSE

MIT

GITHUB_TOKEN permissions used by this action

At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of GITHUB_TOKEN permissions needed by different GitHub Actions. When developers try to set minimum token permissions for their workflows, they can use this knowledge-base instead of trying to research permissions needed by each GitHub Action they use.

Below you can see the KB of your GITHUB Action.

name: 'PR Welcome'
github-token:
  action-input:
    input: token
    is-default: true
  permissions:
    issues: write
    issues-reason: to create, update & react on issues #Checkout: https://github.com/actions-cool/pr-welcome/blob/main/src/main.js#L171
    pull-requests: write
    pull-requests-reason: to request reviewer #Checkout: https://github.com/actions-cool/pr-welcome/blob/main/src/main.js#L147
    contents: read
    contents-reason: to get collaborator permission level #Checkout: https://github.com/actions-cool/pr-welcome/blob/main/src/main.js#L57

    
#Fixes #548

If you think this information is not accurate, or if in the future your GitHub Action starts using a different set of permissions, please create an issue at https://github.com/step-security/secure-workflows/issues to let us know.

This issue is automatically created by our analysis bot, feel free to close after reading :)

References:

GitHub asks users to define workflow permissions, see https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ and https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token for securing GitHub workflows against supply-chain attacks.

Setting minimum token permissions is also checked for by Open Source Security Foundation (OpenSSF) Scorecards. Scorecards recommend using https://github.com/step-security/secure-workflows so developers can fix this issue in an easier manner.

actions-cool / pr-welcome Goto Github PK

pr-welcome's Introduction

😅 PR Welcome

How to use?

Note

Changelog

Emoji List

LICENSE

pr-welcome's People

Contributors

Stargazers

Watchers

Forkers

pr-welcome's Issues

References:

Recommend Projects

Recommend Topics

Recommend Org

Jobs