docs(caller-workflow): limit permission for github_token

espressif · Sep 7, 2024 · eafe485 · eafe485
1 parent a106f9b
commit eafe485
Showing 1 changed file with 15 additions and 6 deletions.
diff --git a/docs/caller-workflow.yml b/docs/caller-workflow.yml
@@ -1,28 +1,37 @@
 ---
+# This GitHub Actions workflow synchronizes GitHub issues, comments, and pull requests with Jira.
+# It triggers on new issues, issue comments, and on a scheduled basis.
+# The workflow uses a custom action to perform the synchronization with Jira (espressif/sync-jira-actions).
+
 name: Sync to Espressif Jira
 run-name: >
-  ${{ github.event_name == 'issue_comment' && 'Sync to Espressif Jira - Issue comment' ||
-      github.event_name == 'schedule' && 'Sync to Espressif Jira - Pull Requests' ||
-      github.event_name == 'issues' && 'Sync to Espressif Jira - New Issue' }}
+  Sync to Jira -
+  ${{ github.event_name == 'issue_comment' && 'Issue Comments' ||
+      github.event_name == 'schedule' && 'New Pull Requests' ||
+      github.event_name == 'issues' && 'New Issues' }}
 
 on:
   issues: {types: [opened]}
   issue_comment: {types: [created, edited, deleted]}
   schedule: [cron: '0 * * * *']
 
 jobs:
-  sync_to_jira:
+  sync-to-jira:
     name: >
       Sync to Jira -
       ${{ github.event_name == 'issue_comment' && 'Issue Comments' ||
           github.event_name == 'schedule' && 'New Pull Requests' ||
           github.event_name == 'issues' && 'New Issues' }}
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      issues: write
+      pull-requests: write
     steps:
-      - name: Check out PR head
+      - name: Check out repository
         uses: actions/checkout@v4
 
-      - name: Sync to Jira
+      - name: Run synchronization to Jira
         uses: espressif/sync-jira-actions@change/composite-action
         with:
           jira-project: IDFSYNTEST