* Use OIDC keys for the OSPO API
* add id-token write permissions
* add id-token write permissions
---------
Co-authored-by: Bill Wagner <wiwagn@microsoft.com>
GitHub permissions are ANDed, not ORed. So, even though the sequester app was given permission to read and write pull requests, the configuration in YAML prevented it.
This ensures that if a PR is tagged as a work item, it will be imported correctly.
Quest runs nightly, rather than on each label update.
The following changes make that happen:
- The bulk action runs once a day, at a hopefully convenient time.
- The single item workflow runs only in response to a workflow dispatch event (user started).
- For security reasons, limit the permissions to write *issues*, not *contents*.
* add Quest GitHub action
This action installs the Quest workflow into this repo.
It will import or update Quest work items based on GitHub issues and configured labels.
* better filter
* Apply suggestions from code review
Co-authored-by: David Pine <david.pine@microsoft.com>
Co-authored-by: David Pine <david.pine@microsoft.com>