From cc300c9671c4c1cd2495a35e98a1ee463ed3f070 Mon Sep 17 00:00:00 2001
From: rzadp <roopert7@gmail.com>
Date: Mon, 28 Aug 2023 14:37:31 +0200
Subject: [PATCH] Permissions

---
 .github/workflows/rfc-propose.yml |  3 +++
 README.md                         | 14 ++++++++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/rfc-propose.yml b/.github/workflows/rfc-propose.yml
index e1fdb27..9b8e75a 100644
--- a/.github/workflows/rfc-propose.yml
+++ b/.github/workflows/rfc-propose.yml
@@ -4,6 +4,9 @@ on:
   issue_comment:
     types: [created]
 
+permissions:
+  pull-requests: write
+
 jobs:
   rfc-propose:
     name: Propose an RFC creation transaction
diff --git a/README.md b/README.md
index 2831142..5f1bd1a 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,15 @@ Learn more about the RFC proposal process [here](https://github.com/polkadot-fel
 To use the action in a repository, add a job that is going to run on specific comments on PRs:
 
 ```yaml
+name: RFC propose
+
+on:
+  issue_comment:
+    types: [created]
+
+permissions:
+  pull-requests: write
+
 jobs:
   rfc-propose:
     name: Propose an RFC creation transaction
@@ -20,10 +29,11 @@ jobs:
       - uses: paritytech/rfc-propose@main
     env:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
 ```
 
 ### Environment variables
 
 The action uses the `GH_TOKEN` environment variable supplied to it.
-The built-in `secrets.GITHUB_TOKEN` variable is enough - it has the access rights to comment on a PR,
-which is all that the actions needs.
+
+The built-in `secrets.GITHUB_TOKEN` can be used, as long as it has the `pull-requests` write permissions.