Merge pull request #14 from norwd/revert-11-norwd-patch-1

Revert "Simplify permission Requirements"
norwd · Dec 5, 2022 · 24a4c33 · 24a4c33
2 parents 0c74d3e + f6acfdd
commit 24a4c33
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 24 deletions.
diff --git a/.github/workflows/self_test.yml b/.github/workflows/self_test.yml
@@ -10,11 +10,6 @@ jobs:
   run-self:
     name: Run fmtya on itself
     runs-on: ubuntu-latest
-    permissions:
-      actions: write
-      contents: write
-      statuses: write
-
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -24,7 +19,7 @@ jobs:
         with:
 
           # permission settings
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ secrets.SELF_FMTYA || secrets.GITHUB_TOKEN }}
 
           # commit information
           commit-user-name: norwd

diff --git a/README.md b/README.md
@@ -11,9 +11,9 @@ settings set to their default values. This will run `yamlfmt` on the repository
 and if any yaml files are reformatted, it will commit them back to the branch
 that was pushed.
 
-Note that the `actions: write` permission is also needed in addition to just the
-`contents: write` permission on its own. This is due to a limitation in GitHub's
-permissions system.
+Note that if the default token is used, GitHub Action workflow files cannot be
+formatted. This is due to a limitation in GitHub's permissions system. See the
+[advanced setup](#advanced-setup) example to see how to format workflow files.
 
 ```yaml
 ---
@@ -26,11 +26,6 @@ on:
 jobs:
   yamlfmt:
     runs-on: ubuntu-latest
-    permissions:
-      actions: write
-      contents: write
-      statuses: write
-
     steps:
       - uses: norwd/fmtya@v1
         with:
@@ -56,21 +51,15 @@ on:
 jobs:
   yamlfmt:
     runs-on: ubuntu-latest
-    permissions:
-      actions: write
-      contents: write
-      statuses: write
-
     steps:
       - uses: norwd/fmtya@v1
         with:
 
           // Due to how GitHub's permissions system is set up, the default token
-          // may not have the necessary access to update workflow files. Setting
-          // the `actions: write` permission, as well as `contents: write`, will
-          // allow `fmtya` to operate without explicitly setting a token or PAT.
-          // However, a custom PAT (for example a fine-grained token scoped down
-          // to just the one repository) can be specified.
+          // does not have the necessary access to update workflow files. If you
+          // want to want `fmtya` to format the files in the `.github/workflows`
+          // directory, you will need to set up a PAT with at least write access
+          // to both the `repo` and `workflows` permissions.
           token: ${{ secrets.<YOUR_PAT> }}
 
           // By default, `fmtya` uses the latest available version of `yamlfmt`.