feat: update permission inputs (#358)

dependabot[bot] · web-flow · commit 076e9480ca6e · 2026-04-10T17:35:53.000-07:00
Bumps [@octokit/openapi](https://github.com/octokit/openapi) from 21.0.0 to 22.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/octokit/openapi/releases"><code>@​octokit/openapi</code>'s releases</a>.</em></p> <blockquote> <h2>v22.0.0</h2> <h1><a href="https://github.com/octokit/openapi/compare/v21.0.0...v22.0.0">22.0.0</a> (2025-12-09)</h1> <h3>Features</h3> <ul> <li>drop projects-classic endpoints, add GitHub API endpoints: cache limits (retention &amp; storage) for repos/orgs/enterprises, billing budgets &amp; usage, artifacts deployment metadata, and projectsV2 drafts &amp; fields (<a href="https://redirect.github.com/octokit/openapi/issues/518">#518</a>) (<a href="https://github.com/octokit/openapi/commit/b0c44a4ab1b07a5524890cef1e8321cfc430bebb">b0c44a4</a>)</li> </ul> <h3>BREAKING CHANGES</h3> <ul> <li>Removed <code>/orgs/{org}/projects</code></li> <li>Removed <code>/orgs/{org}/settings/billing/actions</code></li> <li>Removed <code>/orgs/{org}/settings/billing/packages</code></li> <li>Removed <code>/orgs/{org}/settings/billing/shared-storage</code></li> <li>Removed <code>/orgs/{org}/teams/{team_slug}/projects</code></li> <li>Removed <code>/orgs/{org}/teams/{team_slug}/projects/{project_id}</code></li> <li>Removed <code>/projects/columns/{column_id}</code></li> <li>Removed <code>/projects/columns/{column_id}/moves</code></li> <li>Removed <code>/projects/{project_id}</code></li> <li>Removed <code>/projects/{project_id}/collaborators</code></li> <li>Removed <code>/projects/{project_id}/collaborators/{username}</code></li> <li>Removed <code>/projects/{project_id}/collaborators/{username}/permission</code></li> <li>Removed <code>/repos/{owner}/{repo}/projects</code></li> <li>Removed <code>/teams/{team_id}/projects</code></li> <li>Removed <code>/teams/{team_id}/projects/{project_id}</code></li> <li>Removed <code>/user/projects</code></li> <li>Removed <code>/users/{username}/projects</code></li> <li>Removed <code>/users/{username}/settings/billing/actions</code></li> <li>Removed <code>/users/{username}/settings/billing/packages</code></li> <li>Removed <code>/users/{username}/settings/billing/shared-storage</code></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/octokit/openapi/commit/6f63b86ab7d2057cb62574681918a34b3d43f66b"><code>6f63b86</code></a> build(deps): lock file maintenance (<a href="https://redirect.github.com/octokit/openapi/issues/520">#520</a>)</li> <li><a href="https://github.com/octokit/openapi/commit/b0c44a4ab1b07a5524890cef1e8321cfc430bebb"><code>b0c44a4</code></a> feat: drop projects-classic endpoints, add GitHub API endpoints: cache limits...</li> <li><a href="https://github.com/octokit/openapi/commit/a8043eb055618a1a9a779b6807bba796d9664604"><code>a8043eb</code></a> ci(action): update actions/checkout action to v6 (<a href="https://redirect.github.com/octokit/openapi/issues/519">#519</a>)</li> <li><a href="https://github.com/octokit/openapi/commit/af315cd293aac70c81874623769bdb091da614be"><code>af315cd</code></a> build(deps): lock file maintenance (<a href="https://redirect.github.com/octokit/openapi/issues/514">#514</a>)</li> <li><a href="https://github.com/octokit/openapi/commit/170f3965b9432f4171117aacb6b88339d5c2a937"><code>170f396</code></a> build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (<a href="https://redirect.github.com/octokit/openapi/issues/516">#516</a>)</li> <li><a href="https://github.com/octokit/openapi/commit/077a1b94a2e77bf56fa07ed8dc112055958b97ab"><code>077a1b9</code></a> build(deps): lock file maintenance (<a href="https://redirect.github.com/octokit/openapi/issues/508">#508</a>)</li> <li><a href="https://github.com/octokit/openapi/commit/cfca956d308018be25c1405b52c6a4b8c924bdd6"><code>cfca956</code></a> ci(action): update github/codeql-action action to v4 (<a href="https://redirect.github.com/octokit/openapi/issues/510">#510</a>)</li> <li><a href="https://github.com/octokit/openapi/commit/f15da93d54d4de07c1025b0984c5613a8ddd8acd"><code>f15da93</code></a> ci(action): update peter-evans/create-or-update-comment action to v5 (<a href="https://redirect.github.com/octokit/openapi/issues/509">#509</a>)</li> <li><a href="https://github.com/octokit/openapi/commit/64bef332f5e1b11ead74082d8aaf0376409de9d0"><code>64bef33</code></a> chore(deps): update dependency map-obj to v6 (<a href="https://redirect.github.com/octokit/openapi/issues/507">#507</a>)</li> <li><a href="https://github.com/octokit/openapi/commit/4e8e223e564f467a455d7f39de15a0fb233f189e"><code>4e8e223</code></a> chore(deps): update dependency github-enterprise-server-versions to v3 (<a href="https://redirect.github.com/octokit/openapi/issues/511">#511</a>)</li> <li>Additional commits viewable in <a href="https://github.com/octokit/openapi/compare/v21.0.0...v22.0.0">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for <code>@​octokit/openapi</code> since your current version.</p> </details> <br /> Resolves github/gh-aw#18921. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/action.yml b/action.yml
@@ -31,6 +31,10 @@ inputs:
     description: "The level of permission to grant the access token for GitHub Actions workflows, workflow runs, and artifacts. Can be set to 'read' or 'write'."
   permission-administration:
     description: "The level of permission to grant the access token for repository creation, deletion, settings, teams, and collaborators creation. Can be set to 'read' or 'write'."
+  permission-artifact-metadata:
+    description: "The level of permission to grant the access token to create and retrieve build artifact metadata records. Can be set to 'read' or 'write'."
+  permission-attestations:
+    description: "The level of permission to create and retrieve the access token for repository attestations. Can be set to 'read' or 'write'."
   permission-checks:
     description: "The level of permission to grant the access token for checks on code. Can be set to 'read' or 'write'."
   permission-codespaces:
@@ -43,6 +47,8 @@ inputs:
     description: "The level of permission to grant the access token to manage Dependabot secrets. Can be set to 'read' or 'write'."
   permission-deployments:
     description: "The level of permission to grant the access token for deployments and deployment statuses. Can be set to 'read' or 'write'."
+  permission-discussions:
+    description: "The level of permission to grant the access token for discussions and related comments and labels. Can be set to 'read' or 'write'."
   permission-email-addresses:
     description: "The level of permission to grant the access token to manage the email addresses belonging to a user. Can be set to 'read' or 'write'."
   permission-enterprise-custom-properties-for-organizations:
@@ -61,6 +67,8 @@ inputs:
     description: "The level of permission to grant the access token for issues and related comments, assignees, labels, and milestones. Can be set to 'read' or 'write'."
   permission-members:
     description: "The level of permission to grant the access token for organization teams and members. Can be set to 'read' or 'write'."
+  permission-merge-queues:
+    description: "The level of permission to grant the access token to manage the merge queues for a repository. Can be set to 'read' or 'write'."
   permission-metadata:
     description: "The level of permission to grant the access token to search repositories, list collaborators, and access repository metadata. Can be set to 'read' or 'write'."
   permission-organization-administration:
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -22,7 +22,7 @@
     "p-retry": "^8.0.0"
   },
   "devDependencies": {
-    "@octokit/openapi": "^21.0.0",
+    "@octokit/openapi": "^22.0.0",
     "c8": "^11.0.0",
     "esbuild": "^0.27.4",
     "open-cli": "^9.0.0",
diff --git a/scripts/generated/app-permissions.json b/scripts/generated/app-permissions.json
@@ -19,6 +19,22 @@
         "write"
       ]
     },
+    "artifact_metadata": {
+      "type": "string",
+      "description": "The level of permission to grant the access token to create and retrieve build artifact metadata records.",
+      "enum": [
+        "read",
+        "write"
+      ]
+    },
+    "attestations": {
+      "type": "string",
+      "description": "The level of permission to create and retrieve the access token for repository attestations.",
+      "enum": [
+        "read",
+        "write"
+      ]
+    },
     "checks": {
       "type": "string",
       "description": "The level of permission to grant the access token for checks on code.",
@@ -59,6 +75,14 @@
         "write"
       ]
     },
+    "discussions": {
+      "type": "string",
+      "description": "The level of permission to grant the access token for discussions and related comments and labels.",
+      "enum": [
+        "read",
+        "write"
+      ]
+    },
     "environments": {
       "type": "string",
       "description": "The level of permission to grant the access token for managing repository environments.",
@@ -75,6 +99,14 @@
         "write"
       ]
     },
+    "merge_queues": {
+      "type": "string",
+      "description": "The level of permission to grant the access token to manage the merge queues for a repository.",
+      "enum": [
+        "read",
+        "write"
+      ]
+    },
     "metadata": {
       "type": "string",
       "description": "The level of permission to grant the access token to search repositories, list collaborators, and access repository metadata.",
