1 file changed, +26 -26 lines changed
1- name : Test GitHubToken Excessive Permissions
2- on :
3- push :
4- branches :
5- - main
6- jobs :
7- test-permissions :
8- runs-on : ubuntu-latest
9- # Overly broad permissions for GITHUB_TOKEN
10- permissions :
11- contents : write
12- issues : write
13- pull-requests : write
14- actions : write
15- checks : write
16- deployments : write
17- statuses : write
18- packages : write
19- repository-projects : write
20- discussions : write
21- security-events : write # This one, in particular, should raise a flag as it's typically not needed for most workflows
22- steps :
23- - name : Checkout code
24- uses : actions/checkout@v3
25- - name : Dummy Step
26- run : echo "This is to test excessive token permissions"
1+ name : Test GitHubToken Permissions
2+ on:
3+ push:
4+ branches:
5+ - main
6+ jobs:
7+ test-permissions:
8+ runs-on: ubuntu-latest
9+ # Minimal permissions for GITHUB_TOKEN
10+ permissions:
11+ contents: read
12+ issues: none
13+ pull-requests: none
14+ actions: none
15+ checks: read
16+ deployments: none
17+ statuses: read
18+ packages: none
19+ repository-projects: none
20+ discussions: none
21+ security-events: none
22+ steps:
23+ - name: Checkout code
24+ uses: actions/checkout@v3
25+ - name: Dummy Step
26+ run: echo "Testing minimal token permissions"
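Review bot: `checks: read` and `statuses: read` (new lines 15 and 17) are still more than this job uses. The only steps are `actions/checkout@v3` and an `echo`, and checkout needs nothing beyond `contents: read`, so I would drop those two grants unless a later step is going to read check runs or commit statuses. The eight explicit `none` entries can go as well: once a `permissions` block is present, every scope not listed is already set to none, so the block can shrink to the single line `contents: read`. That is easier to audit and leaves no long list to keep in sync when GitHub adds scopes. If you keep the explicit list for documentation, say so in the comment on new line 9. Minor style point: new line 1 still has the space before the colon (`name :`) while every other key in the added side was normalised.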
0 commit comments