Add security policy, GITHUB_TOKEN access restrictions. #6814

Merged
merged 3 commits into from
Jun 4, 2024

Member

@ssheorey ssheorey commented Jun 3, 2024

permissions:
  contents: write   # to upload artifacts and update github release packages
  actions: write     # to allow cancelling concurrent CI runs (concurrency key)

update-docs bot commented Jun 3, 2024

Thanks for submitting this pull request! The maintainers of this repository would appreciate if you could update the CHANGELOG.md based on your changes.

@ssheorey ssheorey marked this pull request as ready for review June 4, 2024 00:32
@@ -1,4 +1,7 @@
name: Documentation
permissions:
contents: write
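Review bot: the `contents: write` line under the top-level `permissions:` key carries no comment saying what needs write access, and at workflow level it applies to every job the file has or later gains. Add a short rationale comment next to it, and consider declaring it under the job's own `permissions:` key with the workflow-level default left read-only, so a job added later does not inherit a write token.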
Collaborator

Do you need this here? This gives every step content write access. Could it be limited to just the steps that need it?

Member Author

@ssheorey ssheorey Jun 4, 2024

Permissions don't seem to work per step, only per job (tried per step and github refused to run it). That workflow only has one job.
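
Because `permissions` is accepted at workflow and job level but not on a step, the usual way to narrow a write grant is to split the work into jobs. The following is an added example, not part of this pull request or the project's workflow; the job names, build script, artifact name and release tag are assumptions.

```yaml
# Added example: job names, script, artifact name and tag are hypothetical.
name: Documentation

on:
  push:
    branches: [main]

permissions:
  contents: read            # workflow default: every job gets a read-only token

jobs:
  build-docs:
    # Inherits the read-only default, so build scripts and their
    # dependencies never run with a token that can modify the repository.
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build documentation
        run: ./build_docs.sh          # hypothetical script that writes docs.tar.gz
      - uses: actions/upload-artifact@v4
        with:
          name: docs
          path: docs.tar.gz

  publish-docs:
    needs: build-docs
    runs-on: ubuntu-latest
    permissions:
      contents: write       # only this job may update release assets
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: docs
      - name: Attach archive to release
        env:
          GH_TOKEN: ${{ github.token }}
        # EXAMPLE_TAG is a placeholder release tag.
        run: gh release upload EXAMPLE_TAG docs.tar.gz --clobber --repo "$GITHUB_REPOSITORY"
```

A job-level `permissions` block replaces the workflow default for that job, and any scope it does not list is set to none.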

@ssheorey ssheorey merged commit 525c4e6 into main Jun 4, 2024
42 of 45 checks passed
@ssheorey ssheorey deleted the ss/token-permissions branch June 4, 2024 15:02