From 8345c8858b75523ce55dbe63c5b766fd0d59144a Mon Sep 17 00:00:00 2001
From: Brandt Keller <brandt.keller@defenseunicorns.com>
Date: Tue, 9 Jul 2024 14:09:19 +0000
Subject: [PATCH] fix(actions): adjust permissions and add token

---
 .github/actions/notify-lula/action.yaml | 8 ++++++++
 .github/workflows/test.yaml             | 2 ++
 2 files changed, 10 insertions(+)

diff --git a/.github/actions/notify-lula/action.yaml b/.github/actions/notify-lula/action.yaml
index 69dd25985..c3e978a0d 100644
--- a/.github/actions/notify-lula/action.yaml
+++ b/.github/actions/notify-lula/action.yaml
@@ -1,6 +1,7 @@
 name: Notify Lula
 description: "Comment on PR to notify Lula Team"
 
+
 inputs:
   state:
     description: 'state of the comment update'
@@ -10,6 +11,9 @@ inputs:
     description: 'flavor of the comment update'
     required: true
     default: ''
+  ghToken:
+    description: 'GITHUB_TOKEN'
+    required: true
 
 runs:
   using: composite
@@ -21,12 +25,14 @@ runs:
         issue-number: ${{ github.event.pull_request.number }}
         comment-author: 'github-actions[bot]'
         body-includes: Compliance ${{ inputs.flavor }} Evaluation
+        token: ${{ inputs.ghToken }}
 
     - name: Create comment
       if: ${{ steps.fc.outputs.comment-id == '' && inputs.state == 'failure'}}
       uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
       with:
         issue-number: ${{ github.event.pull_request.number }}
+        token: ${{ inputs.ghToken }}
         body: |
           Compliance ${{ inputs.flavor }} Evaluation: ${{ inputs.state }}
 
@@ -37,6 +43,8 @@ runs:
       uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
       with:
         comment-id: ${{ steps.fc.outputs.comment-id }}
+        token: ${{ inputs.ghToken }}
+        edit-mode: replace
         body: |
           Compliance ${{ inputs.flavor }} Evaluation: ${{ inputs.state }}
 
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index f492634e5..42c3c9cbd 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -34,6 +34,7 @@ on:
 
 permissions:
   contents: read
+  pull-requests: write
 
 jobs:
   test:
@@ -80,6 +81,7 @@ jobs:
         with:
           state: ${{ steps.compliance-evaluation.outcome }}
           flavor: ${{ inputs.flavor }}
+          ghToken: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Store UDS Core Compliance Assessment Results
         if: ${{ inputs.package == 'all' && inputs.test_type == 'install' }}