diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6d669dd..b66989a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,6 +14,7 @@ on: permissions: pull-requests: write contents: write + actions: write jobs: build: @@ -60,14 +61,12 @@ jobs: - name: Test repository dispatch uses: ./ with: - token: ${{ secrets.REPO_ACCESS_TOKEN }} event-type: tests client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}"}' - name: Test repository dispatch (default payload) uses: ./ with: - token: ${{ secrets.REPO_ACCESS_TOKEN }} event-type: tests package: diff --git a/README.md b/README.md index 9c86df0..45e5470 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,22 @@ A GitHub action to create a repository dispatch event. ## Usage +Dispatch an event to the current repository by elivating the permissions of the default `GITHUB_TOKEN`. +```yml +permissions: + actions: write + +jobs: + repositorydispatch: + runs-on: ubuntu-latest + steps: + - name: Repository Dispatch + uses: peter-evans/repository-dispatch@v2 + with: + event-type: my-event +``` + +Dispatch an event to a remote repository using a `repo` scoped [Personal Access Token (PAT)](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token). ```yml - name: Repository Dispatch uses: peter-evans/repository-dispatch@v2 @@ -18,15 +34,23 @@ A GitHub action to create a repository dispatch event. | Name | Description | Default | | --- | --- | --- | -| `token` | (**required**) A `repo` scoped GitHub [Personal Access Token](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token). See [token](#token) for further details. | | +| `token` | (**required**) `GITHUB_TOKEN` (permissions `actions: write`) or a `repo` scoped [Personal Access Token (PAT)](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token). See [token](#token) for further details. | `GITHUB_TOKEN` | | `repository` | The full name of the repository to send the dispatch. | `github.repository` (current repository) | | `event-type` | (**required**) A custom webhook event name. | | | `client-payload` | JSON payload with extra information about the webhook event that your action or workflow may use. | `{}` | -#### `token` +#### Token + +This action creates [`repository_dispatch`](https://docs.github.com/en/rest/repos/repos#create-a-repository-dispatch-event) events. +The default `GITHUB_TOKEN` token can only be used if you are dispatching the same repository that the workflow is executing in. +In this case you must [elevate the token permissions](https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs) to allow the dispatch. + +```yaml +permissions: + actions: write +``` -This action creates [`repository_dispatch`](https://developer.github.com/v3/repos/#create-a-repository-dispatch-event) events. -The default `GITHUB_TOKEN` does not have scopes to do this so a `repo` scoped [PAT](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) created on a user with `write` access to the target repository is required. +To dispatch to a remote repository you must create a [Personal Access Token (PAT)](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token) with the `repo` scope and store it as a secret. If you will be dispatching to a public repository then you can use the more limited `public_repo` scope. ## Example diff --git a/action.yml b/action.yml index 95ab44e..a68a086 100644 --- a/action.yml +++ b/action.yml @@ -2,8 +2,8 @@ name: 'Repository Dispatch' description: 'Create a repository dispatch event' inputs: token: - description: 'A repo scoped GitHub Personal Access Token' - required: true + description: 'GITHUB_TOKEN or a `repo` scoped Personal Access Token (PAT)' + default: ${{ github.token }} repository: description: 'The full name of the repository to send the dispatch.' default: ${{ github.repository }}