[CI] Set minimal permissions on pr_review_trigger.yml #35706

Closed
diogoteles08 opened this issue May 22, 2023 · 0 comments · Fixed by #35708

Comments

@diogoteles08
Contributor

Describe the enhancement requested

Hi!

I'm here to suggest that you set minimal permissions to your workflow pr_review_trigger.yml, because currently it doesn't specify the permissions for its jobs and their privileges are being determined by GitHub's defaults. I noticed that all of your other workflows already have the permissions defined, so I'll assume you already know the security benefits involved =)

If you have a reason not to define the permissions on that specific workflow, let me know! Otherwise I'll already raise a PR to add them and close this issue, as it's a very simple change.

Context

I'm Diogo and I work on Google's Open Source Security Team (GOSST) in cooperation with the Open Source Security Foundation (OpenSSF). My core job is to suggest and implement security changes on widely used open source projects 😊

Component(s)

Continuous Integration
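
As an added example (not part of the original issue or the project's code), a line-based check that lists the jobs in a workflow file that neither set nor inherit a `permissions:` key and so fall back to GitHub's default token permissions. The workflow snippets are constructed samples, the function name is hypothetical, and the scan is an indentation heuristic rather than a full YAML parser.

```python
import re

KEY = re.compile(r"^(\s*)([\w-]+):")  # a plain "key:" line (not a list item or comment)

def jobs_without_permissions(workflow_text):
    """Return job ids that neither set nor inherit an explicit `permissions:` key."""
    if re.search(r"^permissions:", workflow_text, re.M):
        return []  # a top-level block applies to every job in the workflow
    jobs, in_jobs, current = {}, False, None
    job_indent = key_indent = None
    for line in workflow_text.splitlines():
        m = KEY.match(line)
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            in_jobs = key == "jobs"
        elif in_jobs:
            if job_indent is None:
                job_indent = indent          # indentation of job ids
            if indent == job_indent:
                current, key_indent = key, None
                jobs[current] = False
            else:
                if key_indent is None:
                    key_indent = indent      # indentation of this job's own keys
                # only a key directly under the job counts, not one nested in a step
                if indent == key_indent and key == "permissions":
                    jobs[current] = True
    return [name for name, has_perms in jobs.items() if not has_perms]

# Constructed sample workflows (not the project's files).
UNSET = """name: example
on:
  pull_request:
jobs:
  trigger:
    runs-on: ubuntu-latest
    steps:
      - run: echo hello
"""
TOP_LEVEL = "permissions:\n  contents: read\n" + UNSET
PER_JOB = UNSET + """  label:
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - run: echo label
"""
```

The check only reports whether permissions are declared; it does not judge whether a declared scope is wider than the job needs.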
