Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restrict GITHUB_TOKEN in markdownlint action #61622

Merged
merged 1 commit into from
Nov 15, 2021
Merged

Restrict GITHUB_TOKEN in markdownlint action #61622

merged 1 commit into from
Nov 15, 2021

Conversation

vcsjones
Copy link
Member

@vcsjones vcsjones commented Nov 15, 2021
edited
Loading

The markdownlint workflow can be restricted from all access except the repository contents. This limits what the 3rd party markdownlint-cli npm package can do which is installed as part of the workflow.

@vcsjones
Restrict GITHUB_TOKEN in markdownlint action
f3f9446 
Currently, Actions in the dotnet/runtime repository have read/write
access by default, unless their permissions have been explicitly declared.

The markdownlint workflow can be restricted from all access except the
repository contents. This limits what the 3rd party `markdownlint-cli`
npm package can do which is installed as part of the workflow.
@dotnet-issue-labeler
Copy link

I couldn't figure out the best area label to add to this PR. If you have write-permissions please help me learn by adding exactly one area label.

@ghost ghost added the community-contribution Indicates that the PR has been added by a community member label Nov 15, 2021
@ghost
Copy link

ghost commented Nov 15, 2021

Tagging subscribers to this area: @dotnet/runtime-infrastructure
See info in area-owners.md if you want to be subscribed.

Issue Details

The markdownlint workflow can be restricted from all access except the repository contents. This limits what the 3rd party markdownlint-cli npm package can do which is installed as part of the workflow.

Author: vcsjones
Assignees: -
Labels:

area-Infrastructure, community-contribution
Milestone: -

safern
safern approved these changes Nov 15, 2021
View reviewed changes
Copy link
Member

@safern safern left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@vcsjones
Copy link
Member Author

I tested this in a separate repository with the same workflow files, so, I think this is good to merge.

@safern safern merged commit 6401f33 into dotnet:main Nov 15, 2021
@vcsjones vcsjones deleted the markdownlint-restrict branch November 16, 2021 00:39
This was referenced Nov 29, 2021
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@ghost ghost locked as resolved and limited conversation to collaborators Dec 16, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@mmitche mmitche mmitche approved these changes

@hoyosjs hoyosjs hoyosjs approved these changes

@safern safern safern approved these changes

Assignees
No one assigned
Labels
area-Infrastructure community-contribution Indicates that the PR has been added by a community member
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@vcsjones @mmitche @hoyosjs @safern