Add note about auto-fixing workflow files with the default GitHub token

Fixes #65. Fixes #74.
wearerequired · Nov 30, 2020 · 7fa8d0c · 7fa8d0c
1 parent 709d8af
commit 7fa8d0c
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -107,6 +107,8 @@ jobs:
           prettier: true
 ```
 
+**Important:** Make sure to exclude the `.github` directory in your ESLint and Prettier configs as the default `GITHUB_TOKEN` **cannot** be used to update workflow files due to the missing `workflow` permission. See [Limitations](#limitations).
+
 ### PHP example (PHP_CodeSniffer)
 
 ```yml
@@ -264,13 +266,21 @@ Some options are not be available for specific linters:
 
 ## Limitations
 
+### Pull requests
+
 There are currently some limitations as to how this action (or any other action) can be used in the context of `pull_request` events from forks:
 
 - The action doesn't have permission to push auto-fix changes to the fork. This is because the `pull_request` event runs on the upstream repo, where the `github_token` is lacking permissions for the fork. [Source](https://github.heygears.community/t5/GitHub-Actions/Can-t-push-to-forked-repository-on-the-original-repository-s/m-p/35916/highlight/true#M2372)
 - The action doesn't have permission to create annotations for commits on forks and can therefore not display linting errors. [Source 1](https://github.heygears.community/t5/GitHub-Actions/Token-permissions-for-forks-once-again/m-p/33839), [source 2](https://github.com/actions/labeler/issues/12)
 
 For details and comments, please refer to [#13](https://github.com/wearerequired/lint-action/issues/13).
 
+### Auto-fixing workflow files
+
+If `auto_fix` is enabled and the default `GITHUB_TOKEN` is used, none of the linters should be allowed to change files in `.github/workflows` as the token doesn't have the necessary `workflow` permission. This can be achieved by adding the directory to the ignore config of the used linter. [Source](https://github.heygears.community/t/github-linting-remote-rejected/121365)
+
+For details and comments, please refer to [#65](https://github.com/wearerequired/lint-action/issues/65) and [#74](https://github.com/wearerequired/lint-action/issues/74).
+
 <br>
 
 [![a required open source product - let's get in touch](https://media.required.com/images/open-source-banner.png)](https://required.com/en/lets-get-in-touch/)