Compare commits

...

1 Commits

Author SHA1 Message Date
Salman Muin Kayser Chishti 7520561423 Add workflows permission to schema
Add 'workflows' as a valid permission scope in the permissions-mapping
schema. The workflows permission supports only 'write' (or none),
matching the GitHub App permissions model where workflows: write
allows updating GitHub Actions workflow files.

This enables autocomplete and validation for 'permissions: workflows:'
in workflow YAML files.
2026-04-10 23:26:45 +01:00
2 changed files with 43 additions and 0 deletions
+39
View File
@@ -1016,6 +1016,45 @@ jobs:
});
});
describe("permissions workflows completion", () => {
it("includes workflows in top-level permissions", async () => {
const input = `on: push
permissions:
|`;
const result = await complete(...getPositionFromCursor(input));
expect(result).not.toBeUndefined();
const labels = result.map(x => x.label);
expect(labels).toContain("workflows");
});
it("offers only write and none for workflows", async () => {
const input = `on: push
permissions:
workflows: |`;
const result = await complete(...getPositionFromCursor(input));
expect(result).not.toBeUndefined();
const labels = result.map(x => x.label);
expect(labels).toContain("write");
expect(labels).not.toContain("read");
});
it("includes workflows in job-level permissions", async () => {
const input = `on: push
jobs:
build:
runs-on: ubuntu-latest
permissions:
|`;
const result = await complete(...getPositionFromCursor(input));
expect(result).not.toBeUndefined();
const labels = result.map(x => x.label);
expect(labels).toContain("workflows");
});
});
describe("service container command/entrypoint completion", () => {
it("suggests entrypoint and command in service container", async () => {
const input = `on: push
+4
View File
@@ -1649,6 +1649,10 @@
"statuses": {
"type": "permission-level-any",
"description": "Commit statuses."
},
"workflows": {
"type": "permission-level-write-or-no-access",
"description": "Update GitHub Actions workflow files."
}
}
}