Closed yurikoles closed 1 year ago
By default, GHA uses token with write access to some of repo's scopes, so limiting it to a necessary minimum is a good practice.
@yurikoles that makes sense. Just wasn't sure exactly what does it affect 🙂
Oh, I forgot to post a proof, so before this PR GHA logged in Set up job
:
GITHUB_TOKEN Permissions
Actions: write
Checks: write
Contents: write
Deployments: write
Discussions: write
Issues: write
Metadata: read
Packages: write
Pages: write
PullRequests: write
RepositoryProjects: write
SecurityEvents: write
Statuses: write
After:
GITHUB_TOKEN Permissions
Contents: read
Metadata: read
Make GitHub Actions to be read-only[0].
[0]https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
Signed-off-by: Yurii Kolesnykov root@yurikoles.com