From 6c08a1a9f9f85ae744be101f7df416ddd3901b65 Mon Sep 17 00:00:00 2001
From: Daniel Pawlik <dpawlik@redhat.com>
Date: Fri, 7 Nov 2025 11:08:31 +0100
Subject: [PATCH] Change Github Action permissions

Currently the commit-message-validator.yml Github Action raise an issue
when the commit message is improper:

    Resource not accessible by integration

Let's try if this would help.

Signed-off-by: Daniel Pawlik <dpawlik@redhat.com>
---
 .../workflows/commit-message-validator.yml    | 31 ++++++++++++++++---
 1 file changed, 26 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/commit-message-validator.yml b/.github/workflows/commit-message-validator.yml
index 075a47e580..098d043fed 100644
--- a/.github/workflows/commit-message-validator.yml
+++ b/.github/workflows/commit-message-validator.yml
@@ -1,26 +1,46 @@
 name: Check if commit message body is not too short
 
 on:
+  pull_request_target:
+    types: [opened, synchronize, edited, reopened]
   pull_request:
     types: [opened, synchronize, edited, reopened]
 
+permissions: {}
+
 jobs:
   verify-body-length:
     runs-on: ubuntu-latest
     # set as non-voting for now.
     continue-on-error: true
 
-    permissions:
-      contents: write
-      pull-requests: write
-      repository-projects: write
-
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
+      - name: Generate GitHub App Token
+        id: generate_token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ secrets.COMMENTER_APP_ID }}
+          private-key: ${{ secrets.COMMENTER_APP_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+          repositories: ci-framework
+
+      - name: Post comment
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ steps.generate_token.outputs.token }}
+          script: |
+            github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              body: 'my comment'
+            })
+
       - name: Dump commit message to file
         run: |
           git fetch origin ${{ github.event.pull_request.head.sha }}
@@ -42,3 +62,4 @@ jobs:
           issue-number: ${{ github.event.pull_request.number }}
           body-path: ./result.log
           reactions: confused
+          token: ${{ steps.generate_token.outputs.token }}