feat: update permission inputs (#358)

Bumps [@octokit/openapi](https://github.com/octokit/openapi) from 21.0.0
to 22.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/octokit/openapi/releases"><code>@​octokit/openapi</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v22.0.0</h2>
<h1><a
href="https://github.com/octokit/openapi/compare/v21.0.0...v22.0.0">22.0.0</a>
(2025-12-09)</h1>
<h3>Features</h3>
<ul>
<li>drop projects-classic endpoints, add GitHub API endpoints: cache
limits (retention &amp; storage) for repos/orgs/enterprises, billing
budgets &amp; usage, artifacts deployment metadata, and projectsV2
drafts &amp; fields (<a
href="https://redirect.github.com/octokit/openapi/issues/518">#518</a>)
(<a
href="b0c44a4ab1">b0c44a4</a>)</li>
</ul>
<h3>BREAKING CHANGES</h3>
<ul>
<li>Removed <code>/orgs/{org}/projects</code></li>
<li>Removed <code>/orgs/{org}/settings/billing/actions</code></li>
<li>Removed <code>/orgs/{org}/settings/billing/packages</code></li>
<li>Removed
<code>/orgs/{org}/settings/billing/shared-storage</code></li>
<li>Removed <code>/orgs/{org}/teams/{team_slug}/projects</code></li>
<li>Removed
<code>/orgs/{org}/teams/{team_slug}/projects/{project_id}</code></li>
<li>Removed <code>/projects/columns/{column_id}</code></li>
<li>Removed <code>/projects/columns/{column_id}/moves</code></li>
<li>Removed <code>/projects/{project_id}</code></li>
<li>Removed <code>/projects/{project_id}/collaborators</code></li>
<li>Removed
<code>/projects/{project_id}/collaborators/{username}</code></li>
<li>Removed
<code>/projects/{project_id}/collaborators/{username}/permission</code></li>
<li>Removed <code>/repos/{owner}/{repo}/projects</code></li>
<li>Removed <code>/teams/{team_id}/projects</code></li>
<li>Removed <code>/teams/{team_id}/projects/{project_id}</code></li>
<li>Removed <code>/user/projects</code></li>
<li>Removed <code>/users/{username}/projects</code></li>
<li>Removed <code>/users/{username}/settings/billing/actions</code></li>
<li>Removed
<code>/users/{username}/settings/billing/packages</code></li>
<li>Removed
<code>/users/{username}/settings/billing/shared-storage</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6f63b86ab7"><code>6f63b86</code></a>
build(deps): lock file maintenance (<a
href="https://redirect.github.com/octokit/openapi/issues/520">#520</a>)</li>
<li><a
href="b0c44a4ab1"><code>b0c44a4</code></a>
feat: drop projects-classic endpoints, add GitHub API endpoints: cache
limits...</li>
<li><a
href="a8043eb055"><code>a8043eb</code></a>
ci(action): update actions/checkout action to v6 (<a
href="https://redirect.github.com/octokit/openapi/issues/519">#519</a>)</li>
<li><a
href="af315cd293"><code>af315cd</code></a>
build(deps): lock file maintenance (<a
href="https://redirect.github.com/octokit/openapi/issues/514">#514</a>)</li>
<li><a
href="170f3965b9"><code>170f396</code></a>
build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (<a
href="https://redirect.github.com/octokit/openapi/issues/516">#516</a>)</li>
<li><a
href="077a1b94a2"><code>077a1b9</code></a>
build(deps): lock file maintenance (<a
href="https://redirect.github.com/octokit/openapi/issues/508">#508</a>)</li>
<li><a
href="cfca956d30"><code>cfca956</code></a>
ci(action): update github/codeql-action action to v4 (<a
href="https://redirect.github.com/octokit/openapi/issues/510">#510</a>)</li>
<li><a
href="f15da93d54"><code>f15da93</code></a>
ci(action): update peter-evans/create-or-update-comment action to v5 (<a
href="https://redirect.github.com/octokit/openapi/issues/509">#509</a>)</li>
<li><a
href="64bef332f5"><code>64bef33</code></a>
chore(deps): update dependency map-obj to v6 (<a
href="https://redirect.github.com/octokit/openapi/issues/507">#507</a>)</li>
<li><a
href="4e8e223e56"><code>4e8e223</code></a>
chore(deps): update dependency github-enterprise-server-versions to v3
(<a
href="https://redirect.github.com/octokit/openapi/issues/511">#511</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/octokit/openapi/compare/v21.0.0...v22.0.0">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by [GitHub Actions](<a
href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a>
Actions), a new releaser for <code>@​octokit/openapi</code> since your
current version.</p>
</details>
<br />

Resolves https://github.com/github/gh-aw/issues/18921.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

action.yml

@@ -31,6 +31,10 @@ inputs:
     description: "The level of permission to grant the access token for GitHub Actions workflows, workflow runs, and artifacts. Can be set to 'read' or 'write'."
   permission-administration:
     description: "The level of permission to grant the access token for repository creation, deletion, settings, teams, and collaborators creation. Can be set to 'read' or 'write'."
+  permission-artifact-metadata:
+    description: "The level of permission to grant the access token to create and retrieve build artifact metadata records. Can be set to 'read' or 'write'."
+  permission-attestations:
+    description: "The level of permission to create and retrieve the access token for repository attestations. Can be set to 'read' or 'write'."
   permission-checks:
     description: "The level of permission to grant the access token for checks on code. Can be set to 'read' or 'write'."
   permission-codespaces:
@@ -43,6 +47,8 @@ inputs:
     description: "The level of permission to grant the access token to manage Dependabot secrets. Can be set to 'read' or 'write'."
   permission-deployments:
     description: "The level of permission to grant the access token for deployments and deployment statuses. Can be set to 'read' or 'write'."
+  permission-discussions:
+    description: "The level of permission to grant the access token for discussions and related comments and labels. Can be set to 'read' or 'write'."
   permission-email-addresses:
     description: "The level of permission to grant the access token to manage the email addresses belonging to a user. Can be set to 'read' or 'write'."
   permission-enterprise-custom-properties-for-organizations:
@@ -61,6 +67,8 @@ inputs:
     description: "The level of permission to grant the access token for issues and related comments, assignees, labels, and milestones. Can be set to 'read' or 'write'."
   permission-members:
     description: "The level of permission to grant the access token for organization teams and members. Can be set to 'read' or 'write'."
+  permission-merge-queues:
+    description: "The level of permission to grant the access token to manage the merge queues for a repository. Can be set to 'read' or 'write'."
   permission-metadata:
     description: "The level of permission to grant the access token to search repositories, list collaborators, and access repository metadata. Can be set to 'read' or 'write'."
   permission-organization-administration:

package-lock.json

@@ -15,7 +15,7 @@
         "p-retry": "^8.0.0"
       },
       "devDependencies": {
-        "@octokit/openapi": "^21.0.0",
+        "@octokit/openapi": "^22.0.0",
         "c8": "^11.0.0",
         "esbuild": "^0.27.4",
         "open-cli": "^9.0.0",
@@ -671,9 +671,9 @@
       }
     },
     "node_modules/@octokit/openapi": {
-      "version": "21.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/openapi/-/openapi-21.0.0.tgz",
-      "integrity": "sha512-NybZQUNsa6yErKW1EEniJs0c/KFEFkXOrWlHk9IVFkY2OC5SQJMsjJnfCfVFyIuBjt8qBHGTopri7y/cKafxPQ==",
+      "version": "22.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi/-/openapi-22.0.0.tgz",
+      "integrity": "sha512-Rpif7FjTjFEBSU+amIRHUAIAHwgg+tVJdTiQuU2GEWDniZxmWjxZCgJ4V9GEp2GXnq/Bl+TrjEvwAl9PB29NAQ==",
       "dev": true,
       "license": "MIT",
       "engines": {

package.json

@@ -22,7 +22,7 @@
     "p-retry": "^8.0.0"
   },
   "devDependencies": {
-    "@octokit/openapi": "^21.0.0",
+    "@octokit/openapi": "^22.0.0",
     "c8": "^11.0.0",
     "esbuild": "^0.27.4",
     "open-cli": "^9.0.0",

scripts/generated/app-permissions.json

@@ -19,6 +19,22 @@
         "write"
       ]
     },
+    "artifact_metadata": {
+      "type": "string",
+      "description": "The level of permission to grant the access token to create and retrieve build artifact metadata records.",
+      "enum": [
+        "read",
+        "write"
+      ]
+    },
+    "attestations": {
+      "type": "string",
+      "description": "The level of permission to create and retrieve the access token for repository attestations.",
+      "enum": [
+        "read",
+        "write"
+      ]
+    },
     "checks": {
       "type": "string",
       "description": "The level of permission to grant the access token for checks on code.",
@@ -59,6 +75,14 @@
         "write"
       ]
     },
+    "discussions": {
+      "type": "string",
+      "description": "The level of permission to grant the access token for discussions and related comments and labels.",
+      "enum": [
+        "read",
+        "write"
+      ]
+    },
     "environments": {
       "type": "string",
       "description": "The level of permission to grant the access token for managing repository environments.",
@@ -75,6 +99,14 @@
         "write"
       ]
     },
+    "merge_queues": {
+      "type": "string",
+      "description": "The level of permission to grant the access token to manage the merge queues for a repository.",
+      "enum": [
+        "read",
+        "write"
+      ]
+    },
     "metadata": {
       "type": "string",
       "description": "The level of permission to grant the access token to search repositories, list collaborators, and access repository metadata.",