chore: add extraPermissions to generate action.yml

sekhar-isovalent · sekhar-isovalent · commit 585d73b47dbd · 2025-12-11T11:51:28.000Z
Signed-off-by: Sekhar Sankaramanchi &lt;sekhar@isovalent.com&gt;
diff --git a/action.yml b/action.yml
@@ -31,6 +31,8 @@ inputs:
     description: "The level of permission to grant the access token for GitHub Actions workflows, workflow runs, and artifacts. Can be set to 'read' or 'write'."
   permission-administration:
     description: "The level of permission to grant the access token for repository creation, deletion, settings, teams, and collaborators creation. Can be set to 'read' or 'write'."
+  permission-attestations:
+    description: "The level of permission to grant the access token to create and manage GitHub attestations. Can be set to 'read' or 'write'."
   permission-checks:
     description: "The level of permission to grant the access token for checks on code. Can be set to 'read' or 'write'."
   permission-codespaces:
@@ -123,6 +125,8 @@ inputs:
     description: "The level of permission to grant the access token for commit statuses. Can be set to 'read' or 'write'."
   permission-team-discussions:
     description: "The level of permission to grant the access token to manage team discussions and related comments. Can be set to 'read' or 'write'."
+  permission-variables:
+    description: "The level of permission to grant the access token to manage GitHub Actions configuration variables. Can be set to 'read' or 'write'."
   permission-vulnerability-alerts:
     description: "The level of permission to grant the access token to manage Dependabot alerts. Can be set to 'read' or 'write'."
   permission-workflows:
diff --git a/scripts/update-permission-inputs.js b/scripts/update-permission-inputs.js
@@ -13,7 +13,25 @@ await writeFile(
   "utf8"
 );
 
-const permissionsInputs = Object.entries(appPermissionsSchema.properties)
+const extraPermissions = {
+  variables: {
+    type: "string",
+    description:
+      "The level of permission to grant the access token to manage GitHub Actions configuration variables.",
+    enum: ["read", "write"],
+  },
+  attestations: {
+    type: "string",
+    description:
+      "The level of permission to grant the access token to create and manage GitHub attestations.",
+    enum: ["read", "write"],
+  },
+};
+
+const permissionsInputs = Object.entries({
+  ...appPermissionsSchema.properties,
+  ...extraPermissions,
+})
   .sort((a, b) => a[0].localeCompare(b[0]))
   .reduce((result, [key, value]) => {
     const formatter = new Intl.ListFormat("en", {
