Skip to content

Set GH token permissions default to contents: read and none for the rest #4356

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Nargonath wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Set GH token permissions default to contents: read and none for the rest #4356

Nargonath wants to merge 1 commit into from
+2 −0

Conversation

@Nargonath
Copy link
Member

@Nargonath Nargonath commented Jun 11, 2022

This relates to #4355. This PR is to test the settings to make sure they work and then we can apply them to hapijs/.github repo and roll them out to the rest of the org.
@Nargonath Nargonath added the security Issue with security impact label Jun 11, 2022
@Nargonath Nargonath self-assigned this Jun 11, 2022
@Nargonath Nargonath force-pushed the actions-permissions branch from 31d31f7 to 63fcb1d Compare June 11, 2022 15:53
@Nargonath
Copy link
Member Author

Nargonath commented Jun 11, 2022
edited
Loading

Per GH documentation I don't think we even need the GH token contents: read access. I revoked all permissions to the GH token and kept only the meta: read (default) access since for now our Actions don't seem to need more.

The CI errors are unrelated to this changes as I have them on master as well just by npm i && npm t. They seem to be due to linting errors as there is some kind of confusion with our linting configuration.
@Nargonath Nargonath marked this pull request as ready for review June 11, 2022 15:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

security Issue with security impact

2 participants

@Nargonath