Token Permissions
This is an exhaustive list of required permissions organized by features.
Important
The GITHUB_TOKEN environment variable should be supplied when running on a private repository.
Otherwise the runner does not have the privileges needed for the features mentioned here.
See also Authenticating with the GITHUB_TOKEN
File Changes
When using --files-changed-only or
--lines-changed-only to get the list
of file changes for a CI event, the following permissions are needed:
Push
For push events.
permissions:
  contents: read
The contents permission is also needed to download files if the repository is not
checked out before running cpp-linter.
Pull Request
For pull_request events.
permissions:
  contents: read
  pull-requests: read
For pull requests, the contents permission is only needed to download files if
the repository is not checked out before running cpp-linter.
Specifying write to the pull-requests permission is also sufficient as that is required for:
- posting thread comments on pull requests
- posting pull request reviews
Thread Comments
The --thread-comments feature requires the following permissions:
Push
For push events.
permissions:
  metadata: read
  contents: write
- The metadata permission is needed to fetch existing comments.
- The contents permission is needed to post or update a commit comment. This also allows us to delete an outdated comment if needed.
Pull Request
For pull_request events.
permissions:
  pull-requests: write
Pull Request Reviews
The tidy-review, format-review, and passive-reviews features require the following permissions:
permissions:
  pull-requests: write
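The per-feature lists above combine into one permissions block per job. The following is an added example, not part of cpp-linter: it merges the requirements for the enabled features and reports scopes that are missing or broader than cpp-linter needs. The feature keys, function names and the mapping of the review features to pull_request events are assumptions made for this sketch.

```python
# Added example: least-privilege check for the permissions listed on this page.
# The table is transcribed from the page; all names here are hypothetical.
LEVEL = {"none": 0, "read": 1, "write": 2}

# "reviews" stands for tidy-review, format-review and passive-reviews.
REQUIRED = {
    ("file-changes", "push"): {"contents": "read"},
    ("file-changes", "pull_request"): {"contents": "read", "pull-requests": "read"},
    ("thread-comments", "push"): {"metadata": "read", "contents": "write"},
    ("thread-comments", "pull_request"): {"pull-requests": "write"},
    ("reviews", "pull_request"): {"pull-requests": "write"},
}


def required_permissions(event, features, checked_out=True):
    """Merge per-feature requirements, keeping the highest level per scope."""
    merged = {}
    for feature in features:
        if (feature, event) not in REQUIRED:
            raise ValueError(f"{feature!r} is not listed for {event!r} events")
        needs = dict(REQUIRED[(feature, event)])
        # On pull requests, contents: read is only used to download files
        # when the repository was not checked out before running cpp-linter.
        if feature == "file-changes" and event == "pull_request" and checked_out:
            needs.pop("contents")
        for scope, level in needs.items():
            if LEVEL[level] > LEVEL[merged.get(scope, "none")]:
                merged[scope] = level  # write also satisfies a read requirement
    return merged


def audit(granted, event, features, checked_out=True):
    """Return (missing, excess) scopes for a workflow's permissions mapping."""
    needed = required_permissions(event, features, checked_out)
    missing = {scope: level for scope, level in needed.items()
               if LEVEL[granted.get(scope, "none")] < LEVEL[level]}
    excess = {scope: level for scope, level in granted.items()
              if LEVEL[level] > LEVEL[needed.get(scope, "none")]}
    return missing, excess


if __name__ == "__main__":
    # Constructed sample: a pull_request job that enables reviews.
    granted = {"contents": "write", "pull-requests": "read"}
    print(audit(granted, "pull_request", ["file-changes", "reviews"]))
```

The excess result is relative to cpp-linter only; other steps in the same job may need scopes of their own.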