actions-rs / audit-check

🛡️ GitHub Action for security audits
https://github.com/marketplace/actions/rust-audit-check
MIT License
170 stars 39 forks

Define GITHUB_TOKEN permissions to limit the scope of what audit-check can do #218

Open vn971 opened 2 years ago

vn971 commented 2 years ago

Motivation

I would like for the default workflow yml to include permissions for the GITHUB_TOKEN it uses.

Without this, one might fear giving too many permissions to this GitHub Action and as a result won't use cargo audit (which in turn means that their audits will likely be absent, which I think is not good).

If we implement this, people might be more trusting and install this Action, and its usage will therefore grow.

Workflow example

I would like to set up something like this:

permissions:
  issues: write
  pull-requests: read
  contents: read

So that GITHUB_TOKEN would have exactly the rights it needs, which would in turn make me feel safer about using this Action/Workflow. I do not immediately know this list, however. The above one is a random guess and might be invalid.

Additional context

See the full list of possible permissions: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
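An added example (not from the issue author or the audit-check project) of where such a block would sit in a complete workflow. It uses the same guessed permission set as above; the set is an assumption and must be checked against the API calls the action actually makes before relying on it.

```yaml
name: Security audit

on:
  push:
    paths:
      - '**/Cargo.toml'
      - '**/Cargo.lock'

# Workflow-level permissions for GITHUB_TOKEN.
# Listing any permission here sets every permission not listed to "none",
# so the token cannot do more than what is declared below.
# The three entries are the issue author's guess, kept as an assumption.
permissions:
  issues: write
  pull-requests: read
  contents: read

jobs:
  security_audit:
    runs-on: ubuntu-latest
    # A job-level "permissions:" block could narrow this further for
    # workflows that have other jobs needing different scopes.
    steps:
      - uses: actions/checkout@v1
      - uses: actions-rs/audit-check@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
```

Without any permissions block the token falls back to the repository's default token permissions, which may be far broader than the action needs.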