Restrict GITHUB_TOKEN in markdownlint action #61622
Currently, Actions in the dotnet/runtime repository have read/write access by default, unless their permissions have been explicitly declared. The markdownlint workflow can be restricted from all access except the repository contents. This limits what the 3rd party `markdownlint-cli` npm package can do which is installed as part of the workflow.
I couldn't figure out the best area label to add to this PR. If you have write-permissions please help me learn by adding exactly one area label.
Tagging subscribers to this area: @dotnet/runtime-infrastructure
Thanks!
I tested this in a separate repository with the same workflow files, so I think this is good to merge.
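A check for the condition this PR addresses, as an added example (not code from the PR or from the dotnet/runtime repository): it lists the jobs in a workflow file that declare no `permissions:` block and inherit none, and so run with the repository's default token scope. The sample workflow is constructed, and `contents: read` is an assumed reading of "all access except the repository contents".

```python
import re

KEY = re.compile(r"^(\s*)([A-Za-z0-9_-]+):")

def jobs_with_default_token(workflow_text):
    """List jobs that neither declare nor inherit a `permissions:` block.
    Line-based scan of block-style workflow YAML, not a full YAML parser.
    Any explicit declaration counts, including broad ones such as write-all.
    """
    top_level = in_jobs = False
    job_indent = child_indent = current = None
    declared = {}  # job name -> job has its own permissions key
    for raw in workflow_text.splitlines():
        m = KEY.match(raw.split(" #")[0])
        if not m:
            continue  # list items, comments, blank lines
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            in_jobs = key == "jobs"
            top_level = top_level or key == "permissions"
            job_indent = child_indent = current = None
        elif in_jobs:
            if job_indent is None:
                job_indent = indent  # first key under jobs: is a job name
            if indent == job_indent:
                current, child_indent = key, None
                declared[current] = False
            elif current is not None:
                if child_indent is None:
                    child_indent = indent  # first key inside the job
                if indent == child_indent and key == "permissions":
                    declared[current] = True
    if top_level:
        return []
    return [job for job, ok in declared.items() if not ok]

# Constructed sample workflow (not the repository's actual file).
BEFORE = """\
name: Markdownlint
on: pull_request
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - run: npm i -g markdownlint-cli
"""
# Assumed fix: the token may only read repository contents.
AFTER = BEFORE.replace("jobs:", "permissions:\n  contents: read\njobs:")
```

`jobs_with_default_token(BEFORE)` reports the `lint` job, while `jobs_with_default_token(AFTER)` reports nothing because the top-level block applies to every job.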