Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: add GitHub token permissions for workflows #62317

Merged
merged 1 commit into from
Aug 1, 2022
Merged

ci: add GitHub token permissions for workflows #62317

merged 1 commit into from
Aug 1, 2022

Conversation

varunsh-coder
Copy link
Contributor

What does this PR do?

This PR adds minimum token permissions for the GITHUB_TOKEN using https://github.com/step-security/secure-workflows.

GitHub recommends defining minimum GITHUB_TOKEN permissions for securing GitHub Actions workflows

This project is part of the top 100 critical projects as per OpenSSF (https://github.com/ossf/wg-securing-critical-projects), so fixing the token permissions to improve security.

Signed-off-by: Varun Sharma [email protected]

What issues does this PR fix or reference?

Fixes: N/A

Previous Behavior

GITHUB_TOKEN has all permissions, e.g.
https://github.com/saltstack/salt/runs/7286247590?check_suite_focus=true#step:1:19

New Behavior

GITHUB_TOKEN will have minimum permissions

Merge requirements satisfied?

[NOTICE] Bug fixes or features added to Salt require tests.

Commits signed with GPG?

No

Please review Salt's Contributing Guide for best practices.

See GitHub's page on GPG signing for more information about signing commits with GPG.

@varunsh-coder varunsh-coder requested a review from a team as a code owner July 11, 2022 17:48
@varunsh-coder varunsh-coder requested review from Ch3LL and removed request for a team July 11, 2022 17:49
@welcome
Copy link

welcome bot commented Jul 11, 2022

Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
Please be sure to review our Code of Conduct. Also, check out some of our community resources including:

There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar.
If you have additional questions, email us at [email protected]. We’re glad you’ve joined our community and look forward to doing awesome things with you!

@varunsh-coder varunsh-coder mentioned this pull request Jul 11, 2022
Open
@Ch3LL Ch3LL requested a review from s0undt3ch July 12, 2022 20:20
@varunsh-coder
Copy link
Contributor Author

Hi @s0undt3ch request you to please review this PR. Thanks!

@Ch3LL Ch3LL merged commit 77be876 into saltstack:master Aug 1, 2022
@welcome
Copy link

welcome bot commented Aug 1, 2022

Congratulations on your first PR being merged! 🎉

@pnacht pnacht mentioned this pull request Oct 10, 2022
Open
@ashishkurmi ashishkurmi mentioned this pull request Dec 21, 2022
Open
87 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ch3LL Ch3LL Ch3LL approved these changes

@s0undt3ch s0undt3ch s0undt3ch approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@varunsh-coder @s0undt3ch @Ch3LL