Permissions

The action only requests the permissions it needs for the chosen delivery method.

Permission	When required
`contents: read`	Always — needed to check out the repo and read the git history
`contents: write`	When writing the output file back to the repository
`models: read`	When using the `github-models` provider (the default)
`pull-requests: write`	When `post_pr_comment: 'true'` (the default)
`issues: write`	When `post_issue: 'true'`
`discussions: write`	When `post_discussion: 'true'`
`administration: write`	When `post_discussion: 'true'` and Discussions may not yet be enabled on the repo

Minimal permissions example (PR comment only)

permissions:
  contents: read
  pull-requests: write
  models: read

Writing output file to the repository

When using a push trigger (or any other event where no PR exists), you need contents: write to commit the assessment file back:

permissions:
  contents: write
  models: read

All delivery methods enabled

permissions:
  contents: write
  pull-requests: write
  issues: write
  discussions: write
  administration: write  # only if Discussions may not be enabled yet
  models: read

Minimal permissions example (PR comment only)​

Writing output file to the repository​

All delivery methods enabled​

Minimal permissions example (PR comment only)

Writing output file to the repository

All delivery methods enabled