default_workflow_permissions
Creates, updates, deletes, gets or lists a default_workflow_permissions resource.
Overview
| Name | default_workflow_permissions |
| Type | Resource |
| Id | github.actions.default_workflow_permissions |
Fields
The following fields are returned by SELECT queries:
- get_github_actions_default_workflow_permissions_repository
- get_github_actions_default_workflow_permissions_organization
Response
| Name | Datatype | Description |
|---|---|---|
can_approve_pull_request_reviews | boolean | Whether GitHub Actions can approve pull requests. Enabling this can be a security risk. |
default_workflow_permissions | string | The default workflow permissions granted to the GITHUB_TOKEN when running workflows. (read, write) |
Response
| Name | Datatype | Description |
|---|---|---|
can_approve_pull_request_reviews | boolean | Whether GitHub Actions can approve pull requests. Enabling this can be a security risk. |
default_workflow_permissions | string | The default workflow permissions granted to the GITHUB_TOKEN when running workflows. (read, write) |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get_github_actions_default_workflow_permissions_repository | select | owner, repo | Gets the default workflow permissions granted to the GITHUB_TOKEN when running workflows in a repository,as well as if GitHub Actions can submit approving pull request reviews. For more information, see "Setting the permissions of the GITHUB_TOKEN for your repository." OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint. | |
get_github_actions_default_workflow_permissions_organization | select | org | Gets the default workflow permissions granted to the GITHUB_TOKEN when running workflows in an organization,as well as whether GitHub Actions can submit approving pull request reviews. For more information, see "Setting the permissions of the GITHUB_TOKEN for your organization." OAuth tokens and personal access tokens (classic) need the admin:org scope to use this endpoint. | |
set_github_actions_default_workflow_permissions_repository | replace | owner, repo | Sets the default workflow permissions granted to the GITHUB_TOKEN when running workflows in a repository, and sets if GitHub Actionscan submit approving pull request reviews. For more information, see "Setting the permissions of the GITHUB_TOKEN for your repository." OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint. | |
set_github_actions_default_workflow_permissions_organization | replace | org | Sets the default workflow permissions granted to the GITHUB_TOKEN when running workflows in an organization, and sets if GitHub Actionscan submit approving pull request reviews. For more information, see "Setting the permissions of the GITHUB_TOKEN for your organization." OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
org | string | The organization name. The name is not case sensitive. |
owner | string | The account owner of the repository. The name is not case sensitive. |
repo | string | The name of the repository without the .git extension. The name is not case sensitive. |
SELECT examples
- get_github_actions_default_workflow_permissions_repository
- get_github_actions_default_workflow_permissions_organization
Gets the default workflow permissions granted to the GITHUB_TOKEN when running workflows in a repository,
as well as if GitHub Actions can submit approving pull request reviews.
For more information, see "Setting the permissions of the GITHUB_TOKEN for your repository."
OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
SELECT
can_approve_pull_request_reviews,
default_workflow_permissions
FROM github.actions.default_workflow_permissions
WHERE owner = '{{ owner }}' -- required
AND repo = '{{ repo }}' -- required
;
Gets the default workflow permissions granted to the GITHUB_TOKEN when running workflows in an organization,
as well as whether GitHub Actions can submit approving pull request reviews. For more information, see
"Setting the permissions of the GITHUB_TOKEN for your organization."
OAuth tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
SELECT
can_approve_pull_request_reviews,
default_workflow_permissions
FROM github.actions.default_workflow_permissions
WHERE org = '{{ org }}' -- required
;
REPLACE examples
- set_github_actions_default_workflow_permissions_repository
- set_github_actions_default_workflow_permissions_organization
Sets the default workflow permissions granted to the GITHUB_TOKEN when running workflows in a repository, and sets if GitHub Actions
can submit approving pull request reviews.
For more information, see "Setting the permissions of the GITHUB_TOKEN for your repository."
OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
REPLACE github.actions.default_workflow_permissions
SET
default_workflow_permissions = '{{ default_workflow_permissions }}',
can_approve_pull_request_reviews = {{ can_approve_pull_request_reviews }}
WHERE
owner = '{{ owner }}' --required
AND repo = '{{ repo }}' --required;
Sets the default workflow permissions granted to the GITHUB_TOKEN when running workflows in an organization, and sets if GitHub Actions
can submit approving pull request reviews. For more information, see
"Setting the permissions of the GITHUB_TOKEN for your organization."
OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint.
REPLACE github.actions.default_workflow_permissions
SET
default_workflow_permissions = '{{ default_workflow_permissions }}',
can_approve_pull_request_reviews = {{ can_approve_pull_request_reviews }}
WHERE
org = '{{ org }}' --required;