Closed bwiernik closed 1 year ago
Thanks, Brenton.
TBH, I am not too familiar with this, and so need to do a bit more research before I implement anything in our workflows, or upstream in r-lib/actions.
My implicit understanding thus far has been that, unless otherwise specified, all actions are read-only. To give write access, you need to install the app and approve write permissions (e.g. precommit).
Okay, yeah, CSL repo actions do writing, so if we are just reading we should be good. But do we do writing for the GitHub pages stuff?
Yes, but always to the gh-pages branch, and no other branch. I think that's the permissions it has.
There is not much to do here from our end. So closing this.
We recently made this change on the CSL repo to improve security by limiting permissions of GHA to only what was strictly necessary. Is that something we should do on our repos as well? https://github.com/citation-style-language/styles/pull/6246
@IndrajeetPatil
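The permission-limiting change discussed in this thread, sketched as an added example (not taken from the linked PR, from r-lib/actions, or from any participant's repository): a workflow that sets a read-only `GITHUB_TOKEN` by default and grants write access only to the job that publishes to gh-pages. The workflow name, job names and the `./*.sh` commands are hypothetical placeholders.

```yaml
# Constructed example; names and script paths are placeholders.
name: site

on:
  push:
    branches: [main]
  pull_request:

# Workflow-level default for GITHUB_TOKEN: read repository contents only.
# Once a permissions block is present, every scope not listed is "none".
permissions:
  contents: read

jobs:
  check:
    # Runs on pull requests and pushes with the read-only default above.
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build site without publishing
        run: ./build-site.sh      # placeholder build command

  deploy:
    # The only job that can write, and only for pushes to main.
    if: github.event_name == 'push'
    needs: check
    runs-on: ubuntu-latest
    permissions:
      # Job-level block replaces the workflow default for this job.
      # contents: write is needed to push the built site to gh-pages.
      # The scope is repository-wide; it cannot be narrowed to one branch,
      # so branch protection rules are what restrict other branches.
      contents: write
    steps:
      - uses: actions/checkout@v4
      - name: Build and publish to gh-pages
        run: |
          ./build-site.sh         # placeholder build command
          ./deploy-site.sh        # placeholder: pushes output to gh-pages
```

Without any `permissions` block, the token's scopes come from the repository or organization default setting, so an explicit block keeps the workflow's access the same regardless of how that setting is configured.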