Description
Validate all GitHub Actions workflows in all our Open Source GitHub repositories to accommodate the upcoming changes in GITHUB_TOKEN permissions, effective February 1, 2024.
Starting February 1, 2024, the default permission for the GITHUB_TOKEN in GitHub Actions workflows will change from Read/Write to Read-only. This change aims to enhance security by enforcing least privilege access and aligning with Digital Security & Resilience (DSR) requirements.
Impact: Workflows that require the GITHUB_TOKEN for write operations or for accessing repository secrets will break unless updated with an explicit permissions block.
Solution
Identify all workflows in your repositories that utilize the GITHUB_TOKEN. Determine whether these workflows perform write operations or access repository secrets.
Type of task? Builds
More info here: https://docs.opensource.microsoft.com/github/apps/permission-changes/
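One way to carry out the identification step above, as an added example that is not part of the original issue: a dependency-free scan that lists the jobs in each workflow file with neither a workflow-level nor a job-level `permissions` key, which are the jobs that will fall back to the new read-only default. The function names and the sample workflow are assumptions constructed for illustration, and the line-based parsing assumes conventionally indented block-style YAML.

```python
import re
from pathlib import Path

KEY = re.compile(r"^( *)([A-Za-z0-9_-]+) *:")
# Constructed sample: "lint" declares permissions, "release" relies on the default.
SAMPLE = """\
on: push
jobs:
  lint:
    runs-on: ubuntu-latest
    permissions:
      contents: read
  release:
    runs-on: ubuntu-latest
    steps:
      - run: gh release create v1
"""

def jobs_without_permissions(text):
    """Return ids of jobs with no workflow-level or job-level permissions key."""
    jobs, in_jobs, job_indent, prop_indent, current = {}, False, None, None, None
    for line in text.splitlines():
        m = KEY.match(line)
        if not m:
            continue  # comments, list items, script bodies, blank lines
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            if key == "permissions":
                return []  # a workflow-level block covers every job
            in_jobs, current = key == "jobs", None
        elif in_jobs:
            if job_indent is None:
                job_indent = indent  # indentation of job ids under "jobs:"
            if indent == job_indent:
                current, prop_indent = key, None
                jobs[current] = False
            elif current is not None:
                if prop_indent is None:
                    prop_indent = indent  # indentation of this job's own keys
                if indent == prop_indent and key == "permissions":
                    jobs[current] = True
    return [job for job, explicit in jobs.items() if not explicit]

def audit_repo(root):
    """Map each workflow file under root to the jobs that need review."""
    files = sorted(Path(root, ".github", "workflows").glob("*.y*ml"))
    found = {f.name: jobs_without_permissions(f.read_text()) for f in files}
    return {name: jobs for name, jobs in found.items() if jobs}
```

Each job reported still needs a manual check of whether it writes to the repository; if it does, give it an explicit `permissions` block with only the scopes it uses.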