summary refs log tree commit diff
path: root/.github
diff options
context:
space:
mode:
authorDavid Robertson <davidr@element.io>2022-10-03 15:59:32 +0100
committerGitHub <noreply@github.com>2022-10-03 15:59:32 +0100
commit3ac0e76b799e0a1930b864fd1884c20f6eeb1f9e (patch)
tree9820bf6614270f03bc142708f3de8d8995edee14 /.github
parentBump docker/setup-buildx-action from 1 to 2 (#14015) (diff)
downloadsynapse-3ac0e76b799e0a1930b864fd1884c20f6eeb1f9e.tar.xz
yet another attempt to make dependabot changelogs work (#14021)
* yet another attempt to make dependabot changelogs work

* Changelog
Diffstat (limited to '.github')
-rw-r--r--.github/workflows/dependabot_changelog.yml5
1 files changed, 5 insertions, 0 deletions
diff --git a/.github/workflows/dependabot_changelog.yml b/.github/workflows/dependabot_changelog.yml
index 0349011478..dcad8d4a24 100644
--- a/.github/workflows/dependabot_changelog.yml
+++ b/.github/workflows/dependabot_changelog.yml
@@ -9,6 +9,9 @@ permissions:
   #     https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request
   # for a similar example
   contents: write
+  # The pull_requests "synchronize" event doesn't seem to fire with just `contents: write`, so
+  # CI doesn't run with the new changelog. Maybe `pull_requests: write` will fix this?
+  pull_requests: write
 
 jobs:
   add-changelog:
@@ -27,3 +30,5 @@ jobs:
           git commit -m "Changelog"
           git push
         shell: bash
+  # THIS WORKFLOW HAS VARIOUS WRITE PERMISSIONS---do not add other jobs here unless they
+  # are sufficiently locked down to dependabot only as above.