From 71484c22ea7fa1f7fbbd58297cdb7e54ed2ccc9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20Lundstr=C3=B6m?= <henrik.lundstrom@nordnet.se>
Date: Fri, 6 Sep 2024 17:13:39 +0200
Subject: [PATCH] fix: Permission for GitHub app to support mergeable minus
 apply check (#4902)

---
 runatlantis.io/docs/access-credentials.md   | 3 +++
 server/controllers/github_app_controller.go | 1 +
 2 files changed, 4 insertions(+)

diff --git a/runatlantis.io/docs/access-credentials.md b/runatlantis.io/docs/access-credentials.md
index 7d7410ee03..d7b76573ce 100644
--- a/runatlantis.io/docs/access-credentials.md
+++ b/runatlantis.io/docs/access-credentials.md
@@ -95,6 +95,8 @@ GitHub App needs these permissions. These are automatically set when a GitHub ap
 Since v0.19.7, a new permission for `Administration` has been added. If you have already created a GitHub app, updating Atlantis to v0.19.7 will not automatically add this permission, so you will need to set it manually.
 
 Since v0.22.3, a new permission for `Members` has been added, which is required for features that apply permissions to an organizations team members rather than individual users. Like the `Administration` permission above, updating Atlantis will not automatically add this permission, so if you wish to use features that rely on checking team membership you will need to add this manually.
+
+A new permission for `Actions` has been added, which is required for checking if a pull request is mergbeably bypassing the apply check. Updating Atlantis will not automatically add this permission, so you will need to add this manually.
 :::
 
 | Type            | Access              |
@@ -108,6 +110,7 @@ Since v0.22.3, a new permission for `Members` has been added, which is required
 | Pull requests   | Read and write      |
 | Webhooks        | Read and write      |
 | Members         | Read-only           |
+| Actions         | Read-only           |
 
 ### GitLab
 
diff --git a/server/controllers/github_app_controller.go b/server/controllers/github_app_controller.go
index 5b175d1336..f6c72dc70b 100644
--- a/server/controllers/github_app_controller.go
+++ b/server/controllers/github_app_controller.go
@@ -123,6 +123,7 @@ func (g *GithubAppController) New(w http.ResponseWriter, _ *http.Request) {
 			"statuses":         "write",
 			"administration":   "read",
 			"members":          "read",
+			"actions":          "read",
 		},
 	}