docs(actions): fix incorrect statement regarding permissions & secrets #25118

Merged
jc-clark merged 3 commits into github:main from monholm:docs/security-hardening-for-github-actions on Dec 6, 2023

monholm (Contributor) commented Apr 20, 2023

Why:

Read-only permissions and no access to secrets only applies to pull requests from forks.

Closes: #25117

What's being changed (if available, include any code snippets, screenshots, or gifs):

The sentence regarding what permissions the workflow will have when triggered by the pull_request event.

Check off the following:

  • I have reviewed my changes in staging (look for the "Automatically generated comment" and click the links in the "Preview" column to view your latest changes).
  • For content changes, I have completed the self-review checklist.

Read-only permissions and no access to secrets only applies to pull requests from forks.

welcome Bot commented Apr 20, 2023

Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

github-actions Bot added the triage label (Do not begin working on this issue until triaged by the team) Apr 20, 2023

github-actions Bot (Contributor) commented Apr 20, 2023

Automatically generated comment ℹ️

This comment is automatically generated and will be overwritten every time changes are committed to this branch.

The table contains an overview of files in the content directory that have been changed in this pull request. It's provided to make it easy to review your changes on the staging site. Please note that changes to the data directory will not show up in this table.


Content directory changes

You may find it useful to copy this table into the pull request summary. There you can edit it to share links to important articles or changes and to give a high-level overview of how the changes in your pull request support the overall goals of the pull request.

Source: actions/security-guides/security-hardening-for-github-actions.md
Preview: fpt, ghec, ghes@ 3.11 3.10 3.9 3.8 3.7, ghae
Production: fpt, ghec, ghes@ 3.11 3.10 3.9 3.8 3.7, ghae

fpt: Free, Pro, Team
ghec: GitHub Enterprise Cloud
ghes: GitHub Enterprise Server
ghae: GitHub AE

@cmwilson21 (Contributor)

@Simon-TechForm Thank you for opening a PR and linking it to your issue! ✨

I'll get this triaged for review! ⚡

cmwilson21 added the content (This issue or pull request belongs to the Docs Content team), actions (This issue or pull request should be reviewed by the docs actions team) and waiting for review (Issue/PR is waiting for a writer's review) labels, and removed the triage (Do not begin working on this issue until triaged by the team) label Apr 20, 2023

monholm (Contributor, Author) commented Jul 13, 2023

@cmwilson21 I just stumbled upon the wording again, and still find it very unfortunate that a security hardening guide provides this false sense of security.

Any news on this PR? :)

myarb added the needs SME label (This proposal needs review from a subject matter expert) Dec 5, 2023

github-actions Bot (Contributor) commented Dec 5, 2023

Thanks for opening a pull request! We've triaged this issue for technical review by a subject matter expert 👀

jc-clark (Contributor) left a comment

This looks good to me. Thank you for this contribution @monholm! ✨

I'll go ahead and merge this.

jc-clark added this pull request to the merge queue Dec 6, 2023
Merged via the queue into github:main with commit 1493057 Dec 6, 2023

github-actions Bot (Contributor) commented Dec 6, 2023

Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. If you're looking for your next contribution, check out our help wanted issues

monholm deleted the docs/security-hardening-for-github-actions branch December 7, 2023 06:39

Labels

  • actions: This issue or pull request should be reviewed by the docs actions team
  • content: This issue or pull request belongs to the Docs Content team
  • needs SME: This proposal needs review from a subject matter expert
  • waiting for review: Issue/PR is waiting for a writer's review

Development

Successfully merging this pull request may close these issues.

Misleading wording regarding permissions and access to secrets in pull_request workflows
