diff --git a/README.md b/README.md index 1ba05ab5..c4153c1c 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ Automatically label new pull requests based on the paths of files being changed. Create a `.github/labeler.yml` file with a list of labels and [minimatch](https://github.com/isaacs/minimatch) globs to match to apply the label. -The key is the name of the label in your repository that you want to add (e.g. "merge conflict", "needs-updating") and the value is the path (glob) of the changed files (e.g. `src/**`, `tests/*.spec.js`) or a match object. +The key is the name of the label in your repository that you want to add (e.g. `merge conflict`, `needs-updating`) and the value is the path (glob) of the changed files (e.g. `src/**`, `tests/*.spec.js`) or a match object. #### Match Object @@ -111,7 +111,7 @@ Various inputs are defined in [`action.yml`](action.yml) to let you configure th | Name | Description | Default | | - | - | - | -| `repo-token` | Token to use to authorize label changes. Typically the GITHUB_TOKEN secret, with `contents:read` and `pull-requests:write` access | `github.token` | +| `repo-token` | Token to use to authorize label changes. Typically the `GITHUB_TOKEN` secret, with `contents:read` and `pull-requests:write` access | `github.token` | | `configuration-path` | The path to the label configuration file | `.github/labeler.yml` | | `sync-labels` | Whether or not to remove labels when matching files are reverted or no longer changed by the PR | `false` | | `dot` | Whether or not to auto-include paths starting with dot (e.g. `.github`) | `false` | @@ -136,12 +136,12 @@ label1: In order to add labels to pull requests, the GitHub labeler action requires write permissions on the pull-request. However, when the action runs on a pull request from a forked repository, GitHub only grants read access tokens for -pull_request events, at most. If you encounter an Error: HttpError: Resource -not accessible by integration, it's likely due to these permission constraints. +`pull_request` events, at most. If you encounter an `Error: HttpError: Resource +not accessible by integration`, it's likely due to these permission constraints. To resolve this issue, you can modify the `on:` section of your workflow to use -[pull_request_target](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) +[`pull_request_target`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) instead of `pull_request` (see example [above](#create-workflow)). This change -allows the action to have write access, because pull_request_target alters the +allows the action to have write access, because `pull_request_target` alters the [context of the action](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target) and safely grants additional permissions. Refer to the [GitHub token