Review Permissions for the "Issue Trigger" workflow

[t-will-gillis]

Overview

We need to change the permissions for the default GITHUB_TOKEN from read/write to read only per GitHub's recommendation for security best practice.

Action Items

Open file issue-trigger.yml.

• Near the top of the file immediately before the line jobs: insert:

    # Set defaults for GITHUB_TOKEN
    permissions:
      contents: read
      issues: read
  

• Trigger the workflow to confirm whether it runs with no further changes.

If there are errors:

• Check which step of the workflow failed occurred and the reason for the failure in the workflow logs.
• Research which permissions the API action requires. Many of the actions need issues: write, so you can change issues: read to issues: write on the line above and rerun.
• Continue adding permissions back to the workflow until there are no errors.

Note that any workflow steps that include a personal access token (i.e. HACKFORLA_BOT_PA_TOKEN, etc.) do not need any changes.

Resources/Instructions

• GitHub GraphQL Explorer
• GitHub GraphQL API
• Refer to The "Hack for LA's GitHub Actions" Wiki guide needs additional explanation #6537 (comment), especially Tips 6, 7, and 8, if you have not already created you personal environment for testing.
• How to Test GitHub Actions
• Additional Notes for GitHub Actions
• Tokens, Secrets, Scopes, & Permissions

[HackforLABot]

Hi @t-will-gillis, thank you for taking up this issue! Hfla appreciates you :)

Do let fellow developers know about your:-
i. Availability: (When are you available to work on the issue/answer questions other programmers might have about your issue?)
ii. ETA: (When do you expect this issue to be completed?)

You're awesome!

P.S. - You may not take up another issue until this issue gets merged (or closed). Thanks again :)