Permissions are not documented

[AlekSi]

Is your feature request related to a problem? Please describe.

I tried to use lfs-warnings for pull_request events from forks of a public repo. I got "Resource not accessible by integration" error.
PR in question: FerretDB/FerretDB#1371

Describe the solution you'd like

lfs-warnings should document what permissions it needs.

[ianlewis]

The action tries to create the PR label if it doesn't exist already. PRs don't have access to do do that.
https://github.com/ActionsDesk/lfs-warning/blob/e5f9a4c21f4bee104db7c0f23954dde59e5df909/src/index.ts#L163-L169

You can work around this error by pre-creating the label manually.

[AlekSi]

I created use-git-lfs label: https://github.com/FerretDB/FerretDB/labels
I configured lfs-warning to use it: https://github.com/FerretDB/FerretDB/blob/cd52bc76204357a615dc8a896e54c92bf2b3ebb1/.github/workflows/docs.yml#L41-L47
I created test PR: FerretDB/FerretDB#1797
It still fails with the same error message: https://github.com/FerretDB/FerretDB/actions/runs/3914014480/jobs/6690585846

I guess it fails later while trying to add a label and comment to PR. That functionality is also not available to PRs from forks. But at least it produces a file list, even if the last error message is confusing.

[Young-Lord]

Maybe pull_request_target is the only solution. See official docs, it says This event allows your workflow to do things like label or comment on pull requests from forks.

[mahor1221]

I fixed the error by adding the pull-requests: write permission:

jobs:
  check:
    name: Check
    runs-on: ubuntu-latest
    permissions:
      # required for ppremk/lfs-warning
      pull-requests: write
    steps:
      ...