Document the required workflow permissions

Signed-off-by: Marco Franssen <marco.franssen@gmail.com>
aquasecurity · Aug 25, 2022 · d8b6fff · d8b6fff
1 parent 53821b4
commit d8b6fff
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -9,6 +9,13 @@ To add the action, add `tfsec_pr_commenter.yml` into the `.github/workflows` dir
 
 The contents of `tfsec_pr_commenter.yml` should be;
 
+> **Note**: The GITHUB_TOKEN injected to the workflow will need permissions to write on pull requests.
+>
+> This can be achieved by adding a permissions block in your workflow definition.
+>
+> See: [docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs](https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs)
+> for more details.
+
 ```yaml
 name: tfsec-pr-commenter
 on:
@@ -18,6 +25,10 @@ jobs:
     name: tfsec PR commenter
     runs-on: ubuntu-latest
 
+    permissions:
+      contents: read
+      pull-requests: write
+
     steps:
       - name: Clone repo
         uses: actions/checkout@master