-
Notifications
You must be signed in to change notification settings - Fork 51
Closed
Labels
bugSomething isn't workingSomething isn't working
Description
There is an error condition to not set permissions for jobs with GITHUB_TOKEN in step level env variable
const errorSecretInRunStepEnvVariable = "KnownIssue-2: Jobs with run steps that use token in environment variable are not supported" |
But if env variable is set at job level, the code sets token permissions. These may be incorrect as the specific logic to determine the permissions is not known.
Here is a test workflow
name: Job level env
on:
pull_request:
branches: [main]
jobs:
Lint:
env:
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: some step that uses token
run: |
npm ci
JPLachance
Metadata
Metadata
Assignees
Labels
bugSomething isn't workingSomething isn't working