-
Notifications
You must be signed in to change notification settings - Fork 222
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Autobuild: Minimize permissions in CI #2953
Conversation
b97271f
to
21c0dd4
Compare
21c0dd4
to
1ce81d3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, looks good to me!
Did you try to build a test release on your repo with that logic in place? If not, it would be good to do so. :)
Yes, see https://github.com/ann0see/jamulus/releases/tag/r0_0_0none4 I needed to set it as visible. |
@pljones Could you please review this? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Happy this grants no more than enough. And happy it'll fail fast if it's not enough 😃.
Now the other files also need updates :-). |
Short description of changes
Reduces permissions in autobuild.yml to a bare minimum.
CHANGELOG: Internal: Reduced permissions in Autobuild for security hardening
Context: Fixes an issue?
Related: #1737
Does this change need documentation? What needs to be documented and how?
Status of this Pull Request
Ready for review. Artifacts are building for a release: https://github.com/ann0see/jamulus/actions/runs/3373043380 and seem to be ok. My repo has now enabled strict read only default permissons.
What is missing until this pull request can be merged?
Review
Checklist