JGC-448 - Add explicit GITHUB_TOKEN permissions to CLA workflow #3925
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "CLA Assistant" | |
| on: # issue_comment triggers this action on each comment on issues and pull requests | |
| issue_comment: | |
| types: [created] | |
| pull_request_target: | |
| types: [opened, synchronize] | |
| branches: | |
| - "master" | |
| # explicitly configure permissions, in case your GITHUB_TOKEN workflow permissions are set to read-only in repository settings | |
| permissions: | |
| actions: write | |
| contents: write # this can be 'read' if the signatures are in remote repository | |
| pull-requests: write | |
| statuses: write | |
| jobs: | |
| CLAssistant: | |
| strategy: | |
| matrix: | |
| os: | |
| - name: ubuntu | |
| version: 24.04 | |
| runs-on: ${{ matrix.os.name }}-${{ matrix.os.version }} | |
| steps: | |
| - name: Run CLA Check | |
| uses: jfrog/.github/actions/cla@main | |
| with: | |
| event_comment_body: ${{ github.event.comment.body }} | |
| event_name: ${{ github.event_name }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| CLA_SIGN_TOKEN: ${{ secrets.CLA_SIGN_TOKEN }} |