Update README with required permissions info (#219)

joshspicer · web-flow · commit c40c27d8968d · 2024-08-27T15:28:32.000-07:00
* Update README with required permissions info Related: devcontainers/template-starter#36 , microsoft/vscode#226686 (comment) * add pull request tips and setting a public tips * grammar and style pass
diff --git a/README.md b/README.md
@@ -23,6 +23,51 @@ See the [action.yml](https://github.com/devcontainers/action/blob/main/action.ym
 
 To best get started, create your own repo from the [`devcontainers/feature-starter`](https://github.com/devcontainers/feature-starter) or  [`devcontainers/template-starter`](https://github.com/devcontainers/template-starter) repos, customize the provided examples, and trigger the `release.yaml` workflow.
 
+### Permissions
+
+#### Workflow permissions
+
+Running this action requires the following [permissions](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token) be granted:
+
+- `packages: write`
+- `contents: write`
+- `pull-requests: write`
+
+For example:
+
+```yaml
+jobs:
+  deploy:
+    if: ${{ github.ref == 'refs/heads/main' }}
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: write
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: "Publish Templates"
+        uses: devcontainers/action@v1
+        with:
+          publish-templates: "true"
+          base-path-to-templates: "./src"
+```
+
+#### Enable creation of pull requests
+
+This action will auto-generate documentation and create a pull request of those changes for your review.
+
+Ensure [**Allow GitHub Actions to create and approve pull requests**](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#preventing-github-actions-from-creating-or-approving-pull-requests) is enabled in your repo settings.
+
+#### Optional: Setting Features/Templates as public
+
+Features or Templates published to a registry are **private** by default.  Access controls are managed by the registry. To share your Feature or Template with others outside your organization, you may update the visibility to public.
+
+To do so, publish your Feature or Template and navigate to its setting page. To see packages you have published to the GitHub Container Registry, navigate to the following URL:
+
+`https://github.com/<YOUR_GITHUB_USERNAME>?tab=packages`
+
 ### Pinning `devcontainer` CLI version
 
 This action heavily relies on the [devcontainers/cli](https://github.com/devcontainers/cli) for various operations.  By default, this action will fetch the latest version published to [npm](https://www.npmjs.com/package/@devcontainers/cli).  The `devcontainer-cli-version` property can be used to pin to a specific CLI release. Eg:
