This repository has been archived by the owner on Feb 24, 2024. It is now read-only.

Set permissions for GitHub actions #2235

Merged
merged 1 commit into gobuffalo:main from naveen/feat/set-perms-actions
Apr 8, 2022

Conversation

naveensrinivasan (Contributor)

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests

Restrict the GitHub token permissions only to the required ones; this way, even if attackers succeed in compromising your workflow, they won't be able to do much.

Signed-off-by: naveensrinivasan [email protected]

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Restrict the GitHub token permissions only to the required ones; this way, even if attackers succeed in compromising your workflow, they won't be able to do much.

Signed-off-by: naveensrinivasan <[email protected]>
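The following is an added example, not the workflow file changed in this pull request, showing what the description above recommends in practice: a workflow-level `permissions` block that makes the `GITHUB_TOKEN` read-only by default, with one job opting in to a single write scope. The workflow name, job names, action versions and Go version are assumptions chosen for illustration.

```yaml
# Added example (not from this PR): a Go test workflow whose GITHUB_TOKEN
# is restricted to the scopes the jobs actually use.
name: test

on:
  push:
    branches: [main]
  pull_request:

# Workflow-level default. Every job inherits a read-only token unless it
# declares its own block. Without this, the token falls back to the
# repository default, which historically is read/write on every scope, so
# a compromised step (e.g. via a malicious pull request or dependency)
# could push commits, publish packages or edit releases.
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-go@v3
        with:
          go-version: '1.18'
      - run: go test ./...

  lint:
    runs-on: ubuntu-latest
    # Job-level override for a linter that posts annotations as check runs.
    # Note the caveat: once a job declares its own permissions block, every
    # scope NOT listed is set to `none`, so `contents: read` must be
    # repeated here or actions/checkout loses access to the repository.
    permissions:
      contents: read
      checks: write
    steps:
      - uses: actions/checkout@v3
      - run: echo "linter producing check-run annotations would run here"
```

Two checks worth making after adding such a block: first, confirm that every job still succeeds, since any step that relied on an implicit write scope (pushing tags, commenting on pull requests, uploading release assets) will now fail with a 403 and must be given that scope explicitly at job level; second, the ossf/scorecard Token-Permissions check linked in the description reads these top-level `permissions` blocks, so the scorecard result is an easy way to confirm the change took effect across all workflows in the repository.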
@naveensrinivasan naveensrinivasan requested a review from a team as a code owner April 7, 2022 22:55
fasmat (Member) commented Apr 8, 2022

Thanks for your contribution!

Seems like a good idea to force a more restrictive approach to our actions.

@paganotoni What's your opinion on this?

paganotoni (Member) commented

Looks good to me. Thanks @naveensrinivasan

@paganotoni paganotoni merged commit e8274e6 into gobuffalo:main Apr 8, 2022
@naveensrinivasan naveensrinivasan deleted the naveen/feat/set-perms-actions branch April 8, 2022 21:26