feat: send additional_permissions in token exchange request

Parse the ADDITIONAL_PERMISSIONS env var and send it as a JSON body
in the OIDC token exchange request. Permissions are merged on top of
the standard defaults (contents: write, pull_requests: write,
issues: write).
Ashwin Bhat
2026-01-24 17:03:44 -08:00
parent f64219702d
commit 774d5204a1
3 changed files with 156 additions and 10 deletions


@@ -172,9 +172,11 @@ jobs:
**Important Notes**:
- The GitHub token must have the `actions: read` permission in your workflow
- The GitHub token must have the corresponding permission in your workflow
- If the permission is missing, Claude will warn you and suggest adding it
- Currently, only `actions: read` is supported, but the format allows for future extensions
- Any GitHub App permission can be requested (e.g. `actions: read`, `workflows: write`, `deployments: read`)
- The GitHub App installation must have the requested permission enabled for it to take effect
- Standard permissions (`contents: write`, `pull_requests: write`, `issues: write`) are always included and do not need to be specified
## Custom Environment Variables
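Review bot: the "Important Notes" list in this hunk now carries two statements that contradict each other: "Currently, only `actions: read` is supported, but the format allows for future extensions" sits next to "Any GitHub App permission can be requested (e.g. `actions: read`, `workflows: write`, `deployments: read`)". If the first sentence is no longer true after this change, drop it in the same commit so readers are not told the feature is restricted to `actions: read`. Two further gaps a reader of this section will hit: the bullet "The GitHub App installation must have the requested permission enabled for it to take effect" does not say what happens when a requested permission exceeds what the installation grants (is the token exchange rejected, or is the extra permission silently dropped?), and because the commit message describes the values as merged on top of the defaults (`contents: write`, `pull_requests: write`, `issues: write`), the doc should state plainly that this setting can only widen the resulting token and cannot be used to remove the standard permissions, since that is the least-privilege question most people configuring it will ask.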