Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: Constrain action permissions #800

Merged
merged 1 commit into from
Nov 17, 2023
Merged

ci: Constrain action permissions #800

merged 1 commit into from
Nov 17, 2023

Conversation

jonathan-innis
Copy link
Member

@jonathan-innis jonathan-innis commented Nov 17, 2023
edited
Loading

Fixes #N/A

Description

This PR assumes that the default permissions for the GITHUB_TOKEN is read-only for all permission in the account. Outside of that, we specify the constrained set of permissions that are required for each job to execute against the repo. This includes issues: write permissions for the Presubmit task for writing the coveralls output to the PR and contents: write permission for the Release task for creating the release.

How was this change tested?

  • Opening a PR against the karpenter-core repo

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@jonathan-innis jonathan-innis changed the title chore: Constrain action permissions ci: Constrain action permissions Nov 17, 2023
@coveralls
Copy link

coveralls commented Nov 17, 2023
edited
Loading

Pull Request Test Coverage Report for Build 6900475949

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.04%) to 80.167%
Totals Coverage Status
Change from base Build 6898389936: 0.04%
Covered Lines: 8347
Relevant Lines: 10412
💛 - Coveralls

@jonathan-innis jonathan-innis marked this pull request as ready for review November 17, 2023 17:26
@jonathan-innis jonathan-innis requested a review from a team as a code owner November 17, 2023 17:26
@jonathan-innis jonathan-innis enabled auto-merge (squash) November 17, 2023 17:27
jmdeal
jmdeal approved these changes Nov 17, 2023
View reviewed changes
Copy link
Member

@jmdeal jmdeal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 🚀

@jonathan-innis jonathan-innis merged commit f6988eb into kubernetes-sigs:main Nov 17, 2023
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmdeal jmdeal jmdeal approved these changes

@ellistarn ellistarn Awaiting requested review from ellistarn ellistarn was automatically assigned from aws/karpenter

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jonathan-innis @coveralls @jmdeal