You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We could set the CI workflow permissions to read-only in the workflow:
pull_request runs are already always read-only so they are not affected: this only affects the runs on merge commits
this is not about creating a real security barrier but more of a devops hygiene thing: having write access to everything in the repository and github project is not great, so it would be better if a commit that needs write access then also needs to visibly change the permissions in the workflow file.
Current behavior:
Default GITHUB_TOKEN Permissions on merge runs:
Description of issue or feature request:
We could set the CI workflow permissions to read-only in the workflow:
Current behavior:
Default GITHUB_TOKEN Permissions on merge runs:
Expected behavior:
These permissions are likely enough for our CI workflow:
The text was updated successfully, but these errors were encountered: