actions-cool / maintain-one-comment Goto Github PK

遇到的问题：
两次评论信息不一样时候，评论最外面展示的是最早的一条信息而不是最近的一条

期望的：
应该覆盖掉最早的信息，最近的成功信息应该展示在外面，可以减少点击查看和误会

At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of GITHUB_TOKEN permissions needed by different GitHub Actions. When developers try to set minimum token permissions for their workflows, they can use this knowledge-base instead of trying to research permissions needed by each GitHub Action they use.

Below you can see the KB of your GITHUB Action.

name: 'Maintain One Comment'
github-token:
  action-input:
    input: token
  permissions:
    issues: write
    issues-reason: to modify or create issue comments # Checkout: https://github.com/actions-cool/maintain-one-comment/blob/8e93c1ac4bb589ba5f9308d08f0de82ec7eb8612/src/main.js#L78
    pull-requests: write # requires because sometime have to work on PR comments
    pull-requests-reason: to modify or create PR comments #Checkout: https://github.com/actions-cool/maintain-one-comment/blob/8e93c1ac4bb589ba5f9308d08f0de82ec7eb8612/src/main.js#L78

# Fix: 550

If you think this information is not accurate, or if in the future your GitHub Action starts using a different set of permissions, please create an issue at https://github.com/step-security/secure-workflows/issues to let us know.

This issue is automatically created by our analysis bot, feel free to close after reading :)

References:

GitHub asks users to define workflow permissions, see https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/ and https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token for securing GitHub workflows against supply-chain attacks.

Setting minimum token permissions is also checked for by Open Source Security Foundation (OpenSSF) Scorecards. Scorecards recommend using https://github.com/step-security/secure-workflows so developers can fix this issue in an easier manner.