From 37327dd54559bda03b5bb0b30736d048178a9d8b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=2E=20Fatih=20C=C4=B1r=C4=B1t?= <mfc@autoware.org>
Date: Mon, 9 Dec 2024 16:01:35 +0300
Subject: [PATCH 1/2] ci(pr-agent): remove contents write permission due to
 security
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: M. Fatih Cırıt <mfc@autoware.org>
---
 .github/workflows/pr-agent.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pr-agent.yaml b/.github/workflows/pr-agent.yaml
index 5cd0845b3d9b4..3f46b7bbbb2ee 100644
--- a/.github/workflows/pr-agent.yaml
+++ b/.github/workflows/pr-agent.yaml
@@ -17,7 +17,7 @@ jobs:
     permissions:
       issues: write
       pull-requests: write
-      contents: write
+      contents: read
     name: Run pr agent on every pull request, respond to user comments
     steps:
       - name: PR Agent action step

From 151c40493b6187cbf5a52f6878c3566f4b383d9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=2E=20Fatih=20C=C4=B1r=C4=B1t?= <mfc@autoware.org>
Date: Mon, 9 Dec 2024 16:25:00 +0300
Subject: [PATCH 2/2] cspell
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: M. Fatih Cırıt <mfc@autoware.org>
---
 .github/workflows/pr-agent.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/pr-agent.yaml b/.github/workflows/pr-agent.yaml
index 3f46b7bbbb2ee..a60e65ccf7b32 100644
--- a/.github/workflows/pr-agent.yaml
+++ b/.github/workflows/pr-agent.yaml
@@ -35,6 +35,7 @@ jobs:
           config.model_turbo: gpt-4o
           config.max_model_tokens: 64000
           pr_code_suggestions.max_context_tokens: 12000
+          # cSpell:ignore commitable
           pr_code_suggestions.commitable_code_suggestions: true
           pr_reviewer.enable_review_labels_effort: false
           pr_reviewer.enable_review_labels_security: false