Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Restrict GITHUB_TOKEN in markdownlint action #61622

Merged
merged 1 commit into from
Nov 15, 2021

Conversation

vcsjones
Copy link
Member

@vcsjones vcsjones commented Nov 15, 2021

The markdownlint workflow can be restricted from all access except the repository contents. This limits what the 3rd party markdownlint-cli npm package can do which is installed as part of the workflow.

Currently, Actions in the dotnet/runtime repository have read/write
access by default, unless their permissions have been explicitly declared.

The markdownlint workflow can be restricted from all access except the
repository contents. This limits what the 3rd party `markdownlint-cli`
npm package can do which is installed as part of the workflow.
@dotnet-issue-labeler
Copy link

I couldn't figure out the best area label to add to this PR. If you have write-permissions please help me learn by adding exactly one area label.

@ghost ghost added the community-contribution Indicates that the PR has been added by a community member label Nov 15, 2021
@ghost
Copy link

ghost commented Nov 15, 2021

Tagging subscribers to this area: @dotnet/runtime-infrastructure
See info in area-owners.md if you want to be subscribed.

Issue Details

The markdownlint workflow can be restricted from all access except the repository contents. This limits what the 3rd party markdownlint-cli npm package can do which is installed as part of the workflow.

Author: vcsjones
Assignees: -
Labels:

area-Infrastructure, community-contribution

Milestone: -

Copy link
Member

@safern safern left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@vcsjones
Copy link
Member Author

I tested this in a separate repository with the same workflow files, so, I think this is good to merge.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
area-Infrastructure community-contribution Indicates that the PR has been added by a community member
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants