You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+21-3Lines changed: 21 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -44,11 +44,29 @@ This action can be configured to authenticate with GitHub App Installation or Pe
44
44
|`GH_APP_PRIVATE_KEY`| True |`""`| GitHub Application Private Key. See [documentation](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/about-authentication-with-a-github-app) for more details. |
45
45
|`GITHUB_APP_ENTERPRISE_ONLY`| False |`false`| Set this input to `true` if your app is created in GHE and communicates with GHE. |
46
46
47
+
###### Required GitHub App permissions
48
+
49
+
The GitHub App must be installed on every repository the action will scan
50
+
(or installed on the organization with "All repositories" selected), and the
51
+
App must be granted these permissions:
52
+
53
+
-**Repository → Metadata**: Read (default)
54
+
-**Repository → Contents**: Read & write — read CODEOWNERS files; create branches and commit the placeholder CODEOWNERS file when one is missing
55
+
-**Repository → Pull requests**: Read & write — open PRs that suggest CODEOWNERS changes
56
+
-**Organization → Members**: Read — check whether each CODEOWNERS entry is still an organization member
57
+
58
+
If any of these are missing the action fails with `Error: 403 Resource not accessible by integration` on the first API call that needs the missing permission. Updating an existing App's permissions also requires the installation owner to accept the new permission request before it takes effect.
0 commit comments