feat: add allowed_non_write_users input to bypass permission checks (#550)

* chore: bump Claude Code version to 1.0.108 * triage fix --------- Co-authored-by: GitHub Actions <actions@github.com>
2026-01-22 22:44:13 +08:00 · 2025-09-07 14:20:02 -07:00
parent 1a8e7d330a
commit 69dec299f8
12 changed files with 261 additions and 162 deletions
--- a/action.yml
+++ b/action.yml
@@ -27,6 +27,10 @@ inputs:
    description: "Comma-separated list of allowed bot usernames, or '*' to allow all bots. Empty string (default) allows no bots."
    required: false
    default: ""
+  allowed_non_write_users:
+    description: "Comma-separated list of usernames to allow without write permissions, or '*' to allow all users. Only works when github_token input is provided. WARNING: Use with extreme caution - this bypasses security checks and should only be used for workflows with very limited permissions (e.g., issue labeling)."
+    required: false
+    default: ""

  # Claude Code configuration
  prompt:
@@ -148,6 +152,7 @@ runs:
        BRANCH_PREFIX: ${{ inputs.branch_prefix }}
        OVERRIDE_GITHUB_TOKEN: ${{ inputs.github_token }}
        ALLOWED_BOTS: ${{ inputs.allowed_bots }}
+        ALLOWED_NON_WRITE_USERS: ${{ inputs.allowed_non_write_users }}
        GITHUB_RUN_ID: ${{ github.run_id }}
        USE_STICKY_COMMENT: ${{ inputs.use_sticky_comment }}
        DEFAULT_WORKFLOW_TOKEN: ${{ github.token }}