search

di-sukharev / opencommit

just a GPT wrapper for git — generate commit messages by an LLM in 1 sec — works best with Claude 3.5 — supports local models too
https://www.npmjs.com/package/opencommit
MIT License
6.19k stars 331 forks source link

[Feature]: narrow down the token scope #214

Closed crazy-matt closed 1 year ago

crazy-matt commented 1 year ago

Description

The nested job 'OpenCommit' is requesting 'actions: write, checks: write, contents: write, deployments: write, discussions: write, issues: write, packages: write, pages: write, pull-requests: write, repository-projects: write, statuses: write, security-events: write, id-token: write'

I wonder if all these permissions are trully needed.

Suggested Solution

Apply a least privilege principle

Alternatives

No response

Additional Context

No response

crazy-matt commented 1 year ago

oops, mistake from my side with reusable workflows