search

di-sukharev / opencommit

Generate conventional git commit messages with AI in 1 second 🤯🔫
https://www.npmjs.com/package/opencommit
MIT License
5.98k stars 318 forks source link

[Feature]: narrow down the token scope #214

Closed crazy-matt closed 1 year ago

crazy-matt commented 1 year ago

Description

The nested job 'OpenCommit' is requesting 'actions: write, checks: write, contents: write, deployments: write, discussions: write, issues: write, packages: write, pages: write, pull-requests: write, repository-projects: write, statuses: write, security-events: write, id-token: write'

I wonder if all these permissions are trully needed.

Suggested Solution

Apply a least privilege principle

Alternatives

No response

Additional Context

No response

crazy-matt commented 1 year ago

oops, mistake from my side with reusable workflows