This repository has been archived by the owner on Oct 13, 2023. It is now read-only.

Define GITHUB_TOKEN permissions to limit the scope of what audit-check can do #218

vn971 opened this issue Apr 13, 2022 · 0 comments
Labels
enhancement New feature or request

Comments

@vn971

vn971 commented Apr 13, 2022

Checklist before filing an issue:

Motivation

I would like for the default workflow yml to include permissions for the GITHUB_TOKEN it uses.

Without this, one might fear giving too many permissions to this GitHub Action and as a result not use cargo audit (which in turn means that their audits will likely be absent, which I think is not good).

If we implement this, people might be more trusting to install this Action, and its usage will therefore grow.

Workflow example

I would like to set up something like this:

permissions:
  issues: write
  pull-requests: read
  contents: read

So that GITHUB_TOKEN would have exactly the rights it needs, which would in turn make me feel safer about using this Action/Workflow. I do not immediately know this list, however. The above one is a random guess and might be invalid.

Additional context

See the full list of possible permissions: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
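The following workflow is an added example illustrating the least-privilege pattern the issue asks for; it is not code from the issue author or from the audit-check project, and the exact scopes the action needs are not confirmed anywhere on this page. The scopes chosen here are assumptions: `contents: read` is required for `actions/checkout` to clone the repository, `issues: write` is assumed because the action can open issues for discovered advisories, and `checks: write` is assumed because the action reports results as a check run. The action's `token` input name and the `@v1` tag are also assumptions taken from the common actions-rs usage pattern, not from this page.

```yaml
# Added example: a least-privilege workflow for an audit-check job.
# Scopes marked "assumed" are not confirmed by the issue text.
name: Security audit

on:
  push:
    paths:
      - "**/Cargo.toml"
      - "**/Cargo.lock"
  schedule:
    - cron: "0 0 * * *"   # daily run so newly published advisories are caught

# Declaring any scope here switches every unlisted scope to "none",
# so the token can do nothing beyond what is spelled out below.
permissions:
  contents: read        # needed by actions/checkout to read the repository
  issues: write         # assumed: lets the action open an issue per advisory
  checks: write         # assumed: lets the action publish a check run

jobs:
  security_audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions-rs/audit-check@v1   # assumed tag/input, see lead-in
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
```

Two checks a practitioner would make before adopting this: confirm the scopes against the action's own documentation (the workflow will fail with a 403 from the GitHub API, rather than silently degrade, if a required scope is missing), and verify in the run log that the "GITHUB_TOKEN Permissions" section of the job summary lists only the scopes declared here.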
