Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Recommended Permissions #1536

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add Recommended Permissions #1536

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Add Recommended Permissions 
To reduce risk of over-privileged tokens, we are adding recommended permissions to popular GitHub-owned Actions READMEs
  • Loading branch information
@KyFaSt
KyFaSt authored Jan 22, 2025
commit bdb100fa638e5c6ab4b72010f9b33ee08d3d02fd
8 changes: 8 additions & 0 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -335,6 +335,14 @@ There are a number of community practices/workarounds to fulfill specific requir

Please note that Windows environment variables (like `%LocalAppData%`) will NOT be expanded by this action. Instead, prefer using `~` in your paths which will expand to the HOME directory. For example, instead of `%LocalAppData%`, use `~\AppData\Local`. For a list of supported default environment variables, see the [Learn GitHub Actions: Variables](https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables) page.

# Recommended Permissions

The `actions/cache` workflow relies on an internal authentication pattern and does not use the GITHUB_TOKEN, to reduce risk of over-privileged token, jobs that use `actions/cache` should set permissions to none:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are we using this language consistently in other repositories?

Setting permissions to none would likely broke most workflows - should we make it explicitly clear that other actions in your workflow may need more permissions?


```yaml
permissions: {}
```

## Contributing

We would love for you to contribute to `actions/cache`. Pull requests are welcome! Please see the [CONTRIBUTING.md](CONTRIBUTING.md) for more information.
Loading
Oops, something went wrong.