Contents:read is required to clone private repos
It was quite surprising that it was working with contents:none.
But it was only working in security-action because it's public!!

Private repos need more permissions in the GITHUB_TOKEN.
bcaller authored and thypon committed Sep 12, 2023
1 parent 2946f73 commit 03501ad
Showing 4 changed files with 5 additions and 4 deletions.
3 changes: 1 addition & 2 deletions .github/workflows/full-loop.yml
Expand Up @@ -7,8 +7,7 @@ on:
types: [opened, synchronize, reopened, ready_for_review]
branches: [main]
permissions:
# Clear all permissions as none are required just to clone repo
contents: none
contents: read
jobs:
full-loop:
name: full-loop
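Review bot: `full-loop.yml` switches to `contents: read` while `semgrep-self-test.yml` in this same commit stays at `contents: none` on the grounds that the repo is public, and the commit message says `contents: none` was working in security-action for that reason. The old explanatory comment is dropped here with nothing in its place, so the file no longer says why this workflow needs read access when its sibling does not. Suggest a one-line comment above `contents: read` stating the reason (for example, that the job clones a private repo), or aligning the two workflows.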
1 change: 1 addition & 0 deletions .github/workflows/loop.yml
Expand Up @@ -7,6 +7,7 @@ on:
types: [opened, synchronize, reopened, ready_for_review]
branches: [main]
permissions:
contents: read
pull-requests: write
jobs:
loop:
2 changes: 1 addition & 1 deletion .github/workflows/semgrep-self-test.yml
Expand Up @@ -7,7 +7,7 @@ on:
types: [opened, synchronize, reopened, ready_for_review]
branches: [main]
permissions:
# Clear all permissions as none are required just to clone repo
# This is a public repo, no permissions required to clone
contents: none
jobs:
semgrep-self-test:
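Review bot: the new comment above `contents: none` makes the setting correct only while the repository stays public, which nothing in the workflow enforces; if the repo's visibility changes or the file is copied into a private repo, checkout fails in the way the commit message describes. Suggest the comment also state the fix, e.g. `# Public repo: no permissions needed to clone; a private repo needs contents: read`.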
3 changes: 2 additions & 1 deletion assets/org.yml
Expand Up @@ -7,6 +7,7 @@ on:
types: [opened, synchronize, reopened, ready_for_review]
branches: [main, master, staging, development, devel, dev]
permissions:
contents: read
pull-requests: write
jobs:
security:
Expand All @@ -15,7 +16,7 @@ jobs:
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: brave/security-action@main
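Review bot: the `actions/checkout@v3` to `actions/checkout@v4` bump in the `steps:` list is not covered by the commit message, which only concerns `contents: read`; split it into its own commit or mention it so the major-version change is reviewable on its own. Both `actions/checkout@v4` and the unchanged `brave/security-action@main` are mutable refs, and this workflow now runs them with `contents: read` plus `pull-requests: write`, so pinning each to a full commit SHA would keep a moved tag or branch from changing what runs with that token.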