Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set permissions for GitHub actions #6077

Merged
merged 1 commit into from
Apr 18, 2022
Merged

Set permissions for GitHub actions #6077

merged 1 commit into from
Apr 18, 2022

Conversation

naveensrinivasan
Copy link
Contributor

@naveensrinivasan naveensrinivasan requested a review from a team as a code owner April 15, 2022 14:52
@naveensrinivasan naveensrinivasan requested review from BeksOmega and removed request for a team April 15, 2022 14:52
@BeksOmega
Copy link
Collaborator

Hello! Thank you for contributing this! Sorry I wasn't quite able to get to this yesterday :/ I'll give it a look on Monday! In the meantime, would you be able to update the PR title to follow conventional commit structure.

Thank you again :D

@naveensrinivasan
chore: Set permissions for GitHub actions
cf67410 
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
@naveensrinivasan
Copy link
Contributor Author

Hello! Thank you for contributing this! Sorry I wasn't quite able to get to this yesterday :/ I'll give it a look on Monday! In the meantime, would you be able to update the PR title to follow conventional commit structure.

Thank you again :D

Took care of the commit. Thanks!

BeksOmega
BeksOmega approved these changes Apr 18, 2022
View reviewed changes
Copy link
Collaborator

@BeksOmega BeksOmega left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks for including all of those links in your PR description, they made it really easy to figure out what was going on =)

The last thing I need to do is check that our CLA bot is working before I merge this =)

@BeksOmega BeksOmega merged commit e0d81ef into google:master Apr 18, 2022
@BeksOmega BeksOmega mentioned this pull request Apr 26, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BeksOmega BeksOmega BeksOmega approved these changes

Assignees

@BeksOmega BeksOmega

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@naveensrinivasan @BeksOmega