fix(ci): provide necessary permissions for calling workflow

Also error on the side of security adding an extra check on the automatic PR step.
2024-12-19 18:55:14 -07:00 · 2022-03-21 22:40:24 -05:00 · 2022-03-21 22:40:24 -05:00 · b55e65980a
commit b55e65980a
parent 0c02e8a62b
2 changed files with 4 additions and 1 deletions
--- a/.github/workflows/api-docs-check.yml
+++ b/.github/workflows/api-docs-check.yml
@ -12,6 +12,9 @@ on:
 jobs:
  call-regen-api-docs:
    if: github.event.pull_request.draft == false
+    permissions:
+      contents: write
+      pull-requests: write
    uses: ./.github/workflows/api-docs.yml
    with:
      check_only: true
--- a/.github/workflows/api-docs.yml
+++ b/.github/workflows/api-docs.yml
@ -60,7 +60,7 @@ jobs:
          exit 1

      - name: Automatic PR
-        if: ${{ steps.docs.outputs.UPDATED_DOCS != 0 }}
+        if: ${{ steps.docs.outputs.UPDATED_DOCS != 0 && !inputs.check_only }}
        run: |
          git add -u
          git commit -m 'docs: regenerate [skip ci]'