From b9fead368fd2edd4cf9d4d4b80adc12ecec0ca77 Mon Sep 17 00:00:00 2001
From: Brandon Duffany <brandon@buildbuddy.io>
Date: Thu, 19 Dec 2024 16:13:56 -0500
Subject: [PATCH] Add comment

---
 enterprise/server/webhooks/github/github.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/enterprise/server/webhooks/github/github.go b/enterprise/server/webhooks/github/github.go
index d88df4bdab4..269f6720b48 100644
--- a/enterprise/server/webhooks/github/github.go
+++ b/enterprise/server/webhooks/github/github.go
@@ -263,6 +263,8 @@ func (*githubGitProvider) IsTrusted(ctx context.Context, accessToken, repoURL, u
 		}
 		return false, status.UnknownErrorf("get permission level: %s", err)
 	}
+	// Trusted workflows get cache write perms, so if the user doesn't have
+	// write perms for the repo then don't consider the workflow trusted.
 	return level.GetPermission() == "admin" || level.GetPermission() == "write", nil
 }