diff --git a/README.md b/README.md
index b0f6224..64dc025 100644
--- a/README.md
+++ b/README.md
@@ -311,8 +311,17 @@ jobs:
           git commit -m "generated"
           git push
 ```
+
 *NOTE:* The user email is `{user.id}+{user.login}@users.noreply.github.com`. See users API: https://api.github.com/users/github-actions%5Bbot%5D
 
+# Recommended permissions
+
+When using the `checkout` action in your GitHub Actions workflow, it is recommended to set the following `GITHUB_TOKEN` permissions to ensure proper functionality, unless alternative auth is provided via the `token` or `ssh-key` inputs:
+
+```yaml
+permissions:
+  contents: read
+```
 
 # License
 
diff --git a/src/git-source-provider.ts b/src/git-source-provider.ts
index 2d35138..b31d1ec 100644
--- a/src/git-source-provider.ts
+++ b/src/git-source-provider.ts
@@ -1,4 +1,5 @@
 import * as core from '@actions/core'
+import * as github from '@actions/github'
 import * as fsHelper from './fs-helper'
 import * as gitAuthHelper from './git-auth-helper'
 import * as gitCommandManager from './git-command-manager'
@@ -274,6 +275,14 @@ export async function getSource(settings: IGitSourceSettings): Promise<void> {
       settings.commit,
       settings.githubServerUrl
     )
+
+    // Set default author
+    if (!await git.configExists('user.name', true)) {
+      await git.config('user.name', github.context.workflow, true)
+    }
+    if (!await git.configExists('user.email', true)) {
+      await git.config('user.email', 'github-actions@github.com', true)
+    }
   } finally {
     // Remove auth
     if (authHelper) {