diff --git a/action.yml b/action.yml
index 09cc8fa..a0a99c8 100644
--- a/action.yml
+++ b/action.yml
@@ -37,6 +37,48 @@ inputs:
 github-api-url:
 description: The URL of the GitHub REST API.
 default: ${{ github.api_url }}
+ #
+ permission-metadata:
+ description: "Can be set to 'read'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#metadata"
+ permission-actions:
+ description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#actions"
+ permission-administration:
+ description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#administration"
+ permission-organization-user-blocking:
+ description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#organization-user-blocking"
+ permission-checks:
+ description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#checks"
+ permission-security-events:
+ description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#code-scanning-alerts"
+ permission-statuses:
+ description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#commit-statuses"
+ permission-contents:
+ description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#contents"
+ permission-vulnerability-alerts:
+ description: "Can be set to 'read' or 'write'. 
Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#dependabot-alerts"
+ permission-deployments:
+ description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#deployments"
+ permission-issues:
+ description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#issues"
+ permission-members:
+ description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#members"
+ permission-organization-administration:
+ description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#organization-administration"
+ permission-organization-projects:
+ description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#organization-projects"
+ permission-pages:
+ description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#pages"
+ permission-pull-requests:
+ description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#pull-requests"
+ permission-repository-projects:
+ description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#repository-projects"
+ permission-secrets:
+ description: "Can be set to 'read' or 'write'. 
Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#secrets"
+ permission-single-file:
+ description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#single-file"
+ permission-team-discussions:
+ description: "Can be set to 'read' or 'write'. Learn more at https://docs.github.com/en/free-pro-team@latest/rest/reference/permissions-required-for-github-apps/#team-discussions"
+ #
 outputs:
 token:
 description: "GitHub installation access token"
diff --git a/scripts/update-permission-inputs.js b/scripts/update-permission-inputs.js
new file mode 100644
index 0000000..5e33dab
--- /dev/null
+++ b/scripts/update-permission-inputs.js
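Review bot: None of the new `permission-*` inputs in the action.yml hunk says what the issued token is granted when the input is left unset; every description is only "Can be set to 'read' or 'write'" (or 'read') plus a documentation link. Someone scoping the token to least privilege needs that default stated, for example in a comment above the generated block such as `# Inputs left unset: <document the resulting permission set>`. The code that reads these inputs is not part of this diff, so the actual default has to be confirmed there before it is written down. Because the block is produced by scripts/update-permission-inputs.js, any per-input wording change belongs in that script's template rather than in action.yml itself.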
@@ -0,0 +1,44 @@
+import { readFile, writeFile } from "node:fs/promises";
+
+import { request } from "@octokit/request";
+
+const { data: permissionsSchemaString } = await request(
+ "GET /repos/{owner}/{repo}/contents/{path}",
+ {
+ owner: "octokit",
+ repo: "app-permissions",
+ path: "generated/api.github.com.json",
+ mediaType: {
+ format: "raw",
+ },
+ headers: {
+ authorization: `token ${process.env.GITHUB_TOKEN}`,
+ },
+ },
+);
+
+const permissionsSchema = JSON.parse(permissionsSchemaString);
+
+const permissionsInputs = Object.entries(permissionsSchema.permissions).reduce(
+ (result, [key, value]) => {
+ const supportsWrite = value.write.length > 0;
+ const description = supportsWrite
+ ? `Can be set to 'read' or 'write'. Learn more at ${value.url}`
+ : `Can be set to 'read'. Learn more at ${value.url}`;
+ return `${result}
+ permission-${key.replace(/_/g, "-")}:
+ description: "${description}"`;
+ },
+ "",
+);
+
+const actionsYamlContent = await readFile("action.yml", "utf8");
+
+// In the action.yml file, replace the content between the `` and `` comments with the new content
+const updatedActionsYamlContent = actionsYamlContent.replace(
+ /(?<=# )(.|\n)*(?=# )/,
+ permissionsInputs + "\n ",
+);
+
+await writeFile("action.yml", updatedActionsYamlContent, "utf8");
+console.log("Updated action.yml with new permissions inputs");
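Review bot: `key` and `value.url` are read from a JSON file fetched at run time from another repository (no `ref` is passed, so whatever its default branch holds) and are interpolated unescaped into a double-quoted YAML scalar in the `reduce` callback; a quote, backslash or line break in that data would alter the structure of `action.yml`, not just a description. Serialise the value with `description: ${JSON.stringify(description)}` (a JSON string is also a valid YAML 1.2 double-quoted scalar) and reject unexpected names before use, e.g. `if (!/^[a-z_]+$/.test(key)) throw new Error("unexpected permission key: " + key);`. `String.prototype.replace` also returns its input unchanged when the pattern does not match, so a missing marker would still end in a write and the "Updated" log line; test the pattern against `actionsYamlContent` first and throw if it is absent. The marker text in the regex and in the comment above it appears to have been stripped in this rendering, so the pattern itself is not assessed here.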