diff --git a/CHANGELOG.md b/CHANGELOG.md index a711de466d4..e2efab0d423 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,3 +4,4 @@ that this is a preview feature and if you find any bugs, please file them here: <https://github.com/firebase/firebase-tools/issues>. - Improve FAH onboarding flow to connect backends with SCMs (#6764). +- Fixed issue where GitHub actions would fail due to lack of permission. (#6791) diff --git a/src/init/features/hosting/github.ts b/src/init/features/hosting/github.ts index 9508ad1f659..421fb5faf40 100644 --- a/src/init/features/hosting/github.ts +++ b/src/init/features/hosting/github.ts @@ -277,6 +277,7 @@ function mkdirNotExists(dir: string): void { type GitHubWorkflowConfig = { name: string; on: string | { [key: string]: { [key: string]: string[] } }; + permissions?: string | { [key: string]: string }; jobs: { [key: string]: { if?: string; @@ -300,6 +301,11 @@ function writeChannelActionYMLFile( const workflowConfig: GitHubWorkflowConfig = { name: "Deploy to Firebase Hosting on PR", on: "pull_request", + permissions: { + checks: "write", + contents: "read", + "pull-requests": "write", + }, jobs: { ["build_and_preview"]: { if: "${{ github.event.pull_request.head.repo.full_name == github.repository }}", // secrets aren't accessible on PRs from forks