Describe which permissions this action needs

[MPV]

Hi,
Could we please document which permissions that's needed to be able to use this action?

Docs for this is here:

• https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[MPV]

For example, running linters such as checkov on workflows using what's suggested in this action might give warnings like:

github_actions scan results:

Passed checks: 0, Failed checks: 1, Skipped checks: 0

Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
	FAILED for resource: on(Reviewdog suggester)
Error: 	File: /.github/workflows/reviewdog-suggester.yaml:0-1

[MPV]

Is this the way to go?

permissions:
  contents: write

Or could we do with even less permissions?

[adityaraute]

How do we verify though? Every repo may have different restrictions on permissions like this one prevents a write-all permission. I wonder if we can do anything about it

[shogo82148]

we don't need contents: write, contents: read is enough.
To write review comments and checks, we need some extra permissions:

permissions:
  contents: read
  checks: write
  issues: write
  pull-requests: write