Set GH token permissions default to contents: read and none for the rest #4356

Open
wants to merge 1 commit into
base: master

Nargonath
Member

This relates to #4355. This PR is to test the settings to make sure they work and then we can apply them to hapijs/.github repo and roll them out to the rest of the org.

Nargonath added the security (Issue with security impact) label Jun 11, 2022
Nargonath self-assigned this Jun 11, 2022
Member Author

Nargonath commented Jun 11, 2022

Per GH documentation I don't think we even need the GH token contents: read access. I revoked all permissions to the GH token and kept only the meta: read (default) access since for now our Actions don't seem to need more.

The CI errors are unrelated to these changes as I have them on master as well just by npm i && npm t. They seem to be due to linting errors as there is some kind of confusion with our linting configuration.

Nargonath marked this pull request as ready for review June 11, 2022 15:57
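
The token restriction discussed in this thread, written out as a workflow file. This is an added example, not the PR's diff or the project's own workflow; the file name, job names, Node version and the `comment` job are assumptions chosen for illustration.

```yaml
# Hypothetical .github/workflows/ci.yml; all names here are assumptions.
name: ci

on:
  push:
    branches: [master]
  pull_request:

# Workflow-level default: the GITHUB_TOKEN gets no scopes.
# GitHub still grants metadata: read, which cannot be removed.
permissions: {}

# The variant named in the PR title would instead be:
# permissions:
#   contents: read   # every scope not listed is set to "none"

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      # Checking out a public repository works without contents: read;
      # a private repository needs that scope on this job.
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 18
      - run: npm install
      - run: npm test

  # A job that needs more declares it locally. The grant applies to this
  # job only and the workflow-level default stays empty.
  comment:
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
    steps:
      - run: gh pr comment "$PR_URL" --body "CI finished"
        env:
          GH_TOKEN: ${{ github.token }}
          PR_URL: ${{ github.event.pull_request.html_url }}
```

A step that fails with a 403 or "Resource not accessible by integration" after this change is the signal that its job needs an explicit scope added.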