Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

added read-all permission status to Github Actions Workflow #807

Merged
merged 2 commits into from
Mar 9, 2023
Merged

Conversation

Cyan4973
Copy link
Owner

@Cyan4973 Cyan4973 commented Mar 1, 2023

Following recommendations from @gabibguti and @t-mat at #806

@gabibguti
Copy link
Contributor

Just FYI permissions: read-all is different than permissions: contents: read.

read-all grants read access to actions, checks, contents and other scopes, while contents: read gives read access only to contents scope and none access to all other scopes. The second option is more similar to the setting "Read repository content".

That said, I don't see any problems granting read-all in this case. 👍

https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token

@Cyan4973
Copy link
Owner Author

Cyan4973 commented Mar 4, 2023

Thanks for explaining the distinction @gabibguti , it's very clear !

There's no reason to give more rights than necessary,
let's change it to content: read as initially suggested by @t-mat .

@Cyan4973 Cyan4973 merged commit 74c416c into dev Mar 9, 2023
@Cyan4973 Cyan4973 deleted the gh_read branch July 20, 2023 21:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants