.github/aw/actions-lock.json

-Original file line number
+Diff line change
@@ Expand Up / @@ -75,6 +75,11 @@ @@
           "version": "v4.8.0",
           "sha": "c1e323688fd81a25caa38c78aa6df2d33d3e20d9"
         },
+        "actions/setup-node@v6": {
+          "repo": "actions/setup-node",
+          "version": "v6",
+          "sha": "6044e13b5dc448c55e2357c09f80417699197238"
+        },
         "actions/setup-node@v6.1.0": {
           "repo": "actions/setup-node",
           "version": "v6.1.0",
@@ Expand Down @@

.github/workflows/slide-deck-maintainer.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

.github/workflows/tidy.lock.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

actions/setup/js/check_membership.cjs

-Original file line number
+Diff line change
@@ Expand Up / @@ -93,7 +93,11 @@ async function main() { @@
         core.setOutput("is_team_member", "false");
         core.setOutput("result", "insufficient_permissions");
         core.setOutput("user_permission", result.permission);
-        core.setOutput("error_message", `Access denied: User '${actor}' is not authorized. Required permissions: ${requiredPermissions.join(", ")}`);
+        core.setOutput(
+          "error_message",
+          `Access denied: User '${actor}' is not authorized. Required permissions: ${requiredPermissions.join(", ")}. ` +
+            `To allow this user to run the workflow, add their role to the frontmatter. Example: roles: [${requiredPermissions.join(", ")}, ${result.permission}]`
+        );
       }
     }
@@ Expand Down @@

actions/setup/js/check_membership.test.cjs

-Original file line number
+Diff line change
@@ Expand Up / @@ -221,7 +221,10 @@ describe("check_membership.cjs", () => { @@
           expect(mockCore.setOutput).toHaveBeenCalledWith("is_team_member", "false");
           expect(mockCore.setOutput).toHaveBeenCalledWith("result", "insufficient_permissions");
           expect(mockCore.setOutput).toHaveBeenCalledWith("user_permission", "read");
-          expect(mockCore.setOutput).toHaveBeenCalledWith("error_message", "Access denied: User 'testuser' is not authorized. Required permissions: admin, write");
+          expect(mockCore.setOutput).toHaveBeenCalledWith(
+            "error_message",
+            "Access denied: User 'testuser' is not authorized. Required permissions: admin, write. To allow this user to run the workflow, add their role to the frontmatter. Example: roles: [admin, write, read]"
+          );
         });
         it("should authorize user with write permission when write is in allowed list", async () => {
@@ Expand Down @@

Add frontmatter example to role check error message #10032

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

pelikhan merged 3 commits into main from copilot/update-role-check-message

Jan 15, 2026

-Original file line number
+Diff line change
@@ Expand Up / @@ -75,6 +75,11 @@ @@
           "version": "v4.8.0",
           "sha": "c1e323688fd81a25caa38c78aa6df2d33d3e20d9"
         },
+        "actions/setup-node@v6": {
+          "repo": "actions/setup-node",
+          "version": "v6",
+          "sha": "6044e13b5dc448c55e2357c09f80417699197238"
+        },
         "actions/setup-node@v6.1.0": {
           "repo": "actions/setup-node",
           "version": "v6.1.0",
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -93,7 +93,11 @@ async function main() { @@
         core.setOutput("is_team_member", "false");
         core.setOutput("result", "insufficient_permissions");
         core.setOutput("user_permission", result.permission);
-        core.setOutput("error_message", `Access denied: User '${actor}' is not authorized. Required permissions: ${requiredPermissions.join(", ")}`);
+        core.setOutput(
+          "error_message",
+          `Access denied: User '${actor}' is not authorized. Required permissions: ${requiredPermissions.join(", ")}. ` +
+            `To allow this user to run the workflow, add their role to the frontmatter. Example: roles: [${requiredPermissions.join(", ")}, ${result.permission}]`
+        );
       }
     }
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -221,7 +221,10 @@ describe("check_membership.cjs", () => { @@
           expect(mockCore.setOutput).toHaveBeenCalledWith("is_team_member", "false");
           expect(mockCore.setOutput).toHaveBeenCalledWith("result", "insufficient_permissions");
           expect(mockCore.setOutput).toHaveBeenCalledWith("user_permission", "read");
-          expect(mockCore.setOutput).toHaveBeenCalledWith("error_message", "Access denied: User 'testuser' is not authorized. Required permissions: admin, write");
+          expect(mockCore.setOutput).toHaveBeenCalledWith(
+            "error_message",
+            "Access denied: User 'testuser' is not authorized. Required permissions: admin, write. To allow this user to run the workflow, add their role to the frontmatter. Example: roles: [admin, write, read]"
+          );
         });
         it("should authorize user with write permission when write is in allowed list", async () => {
@@ Expand Down @@

Provide feedback