From d57923d26b6574fb1a21857a615ed63815c59f97 Mon Sep 17 00:00:00 2001 From: Brad Keryan Date: Tue, 17 Mar 2026 00:18:47 -0500 Subject: [PATCH 1/5] github: Remove with: GITHUB_TOKEN from thollander/actions-comment-pull-request --- .github/workflows/Comment-on-PR.yml | 1 - .github/workflows/Notify-Convention-Change.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/.github/workflows/Comment-on-PR.yml b/.github/workflows/Comment-on-PR.yml index 933d65f7..5f2aef8f 100644 --- a/.github/workflows/Comment-on-PR.yml +++ b/.github/workflows/Comment-on-PR.yml @@ -19,4 +19,3 @@ jobs: with: message: | Thank you for contributing! :wave: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/Notify-Convention-Change.yml b/.github/workflows/Notify-Convention-Change.yml index fec826b4..99857655 100644 --- a/.github/workflows/Notify-Convention-Change.yml +++ b/.github/workflows/Notify-Convention-Change.yml @@ -43,4 +43,3 @@ jobs: @Adithyak1998 @innagarc @ShibaniRout - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 1b72502b89f4c86ba82521db15b28c0ccc1a3fac Mon Sep 17 00:00:00 2001 From: Brad Keryan Date: Tue, 17 Mar 2026 00:19:35 -0500 Subject: [PATCH 2/5] github: Pin actions/checkout --- .github/workflows/Notify-Convention-Change.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/Notify-Convention-Change.yml b/.github/workflows/Notify-Convention-Change.yml index 99857655..46edad92 100644 --- a/.github/workflows/Notify-Convention-Change.yml +++ b/.github/workflows/Notify-Convention-Change.yml @@ -20,7 +20,8 @@ jobs: runs-on: ubuntu-latest needs: org-check steps: - - uses: actions/checkout@main + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Comment on PR uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 with: From ed12da02624485e0658e10bbbde581164ce77aa1 Mon Sep 17 00:00:00 2001 
From: Brad Keryan Date: Tue, 17 Mar 2026 00:20:48 -0500 Subject: [PATCH 3/5] github: Specify required permissions for jobs that call thollander/actions-comment-pull-request --- .github/workflows/Comment-on-PR.yml | 3 +++ .github/workflows/Notify-Convention-Change.yml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/.github/workflows/Comment-on-PR.yml b/.github/workflows/Comment-on-PR.yml index 5f2aef8f..1e40eb9d 100644 --- a/.github/workflows/Comment-on-PR.yml +++ b/.github/workflows/Comment-on-PR.yml @@ -10,6 +10,9 @@ jobs: comment_on_pr: runs-on: ubuntu-latest name: PR comment + permissions: + contents: read + pull-requests: write steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 diff --git a/.github/workflows/Notify-Convention-Change.yml b/.github/workflows/Notify-Convention-Change.yml index 46edad92..1213bc99 100644 --- a/.github/workflows/Notify-Convention-Change.yml +++ b/.github/workflows/Notify-Convention-Change.yml @@ -19,6 +19,9 @@ jobs: notify: runs-on: ubuntu-latest needs: org-check + permissions: + contents: read + pull-requests: write steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 From 577a4b03bd86fe4ac0916df7dfe34e85d27b16a3 Mon Sep 17 00:00:00 2001 From: Brad Keryan Date: Tue, 17 Mar 2026 00:21:11 -0500 Subject: [PATCH 4/5] github: Add a name for Comment-on-PR.yml --- .github/workflows/Comment-on-PR.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/Comment-on-PR.yml b/.github/workflows/Comment-on-PR.yml index 1e40eb9d..e8d6c7d8 100644 --- a/.github/workflows/Comment-on-PR.yml +++ b/.github/workflows/Comment-on-PR.yml @@ -1,3 +1,5 @@ +name: Comment on PR + on: pull_request_target: paths-ignore: 
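Review bot: The `permissions:` block added to `comment_on_pr` grants `pull-requests: write` in a workflow whose trigger is `pull_request_target` (visible as context in the next patch of this series), and nothing in the file records why that trigger is used or what it forbids. Under that trigger the job runs in the base repository's context with a write-capable token even for fork PRs, so a later edit that checks out or executes PR head code would expose the token. I would add a comment above the block, for example `# pull_request_target: runs with the base repo token so fork PRs can be commented on; never check out or run PR head code here`. The Checkout step at the end of the hunk shows no `ref:`, so it presumably fetches the base branch, but the step may continue outside the hunk.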
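Review bot: The job-level `permissions:` added to `notify` in Notify-Convention-Change.yml does not cover `org-check`, the job it `needs:`, which keeps the repository's default token scope unless a workflow-level block exists outside this hunk. A top-level `permissions: {}` would start every job from no access, so only jobs that declare a scope receive one. The definition of `org-check` and the workflow's top-level keys are not visible here, so confirm what that job actually needs before choosing its scope.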
@@ -16,7 +18,6 @@ jobs: steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - name: Comment on PR uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 with: From 438006aca3eddf08a2916e1e4b37389134d3770d Mon Sep 17 00:00:00 2001 From: Brad Keryan Date: Tue, 17 Mar 2026 00:28:03 -0500 Subject: [PATCH 5/5] github: Remove actions/checkout from comment workflows --- .github/workflows/Comment-on-PR.yml | 3 --- .github/workflows/Notify-Convention-Change.yml | 3 --- 2 files changed, 6 deletions(-) diff --git a/.github/workflows/Comment-on-PR.yml b/.github/workflows/Comment-on-PR.yml index e8d6c7d8..d1a52e55 100644 --- a/.github/workflows/Comment-on-PR.yml +++ b/.github/workflows/Comment-on-PR.yml @@ -13,11 +13,8 @@ jobs: runs-on: ubuntu-latest name: PR comment permissions: - contents: read pull-requests: write steps: - - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Comment on PR uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 with: diff --git a/.github/workflows/Notify-Convention-Change.yml b/.github/workflows/Notify-Convention-Change.yml index 1213bc99..9a5005cf 100644 --- a/.github/workflows/Notify-Convention-Change.yml +++ b/.github/workflows/Notify-Convention-Change.yml @@ -20,11 +20,8 @@ jobs: runs-on: ubuntu-latest needs: org-check permissions: - contents: read pull-requests: write steps: - - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Comment on PR uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b # v3.0.1 with: