errbotio / errbot

Errbot is a chatbot, a daemon that connects to your favorite chat service and bring your tools and some fun into the conversation.
http://errbot.io
GNU General Public License v3.0

chore: Set permissions for GitHub actions #1565

Closed naveensrinivasan closed 2 years ago

naveensrinivasan commented 2 years ago

Restrict the GitHub token permissions only to the required ones; this way, even if attackers succeed in compromising your workflow, they won't be able to do much.

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests

Signed-off-by: naveensrinivasan 172697+naveensrinivasan@users.noreply.github.com
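A workflow applying the least-privilege token permissions described above, as an added example that is not errbot's own workflow; the job names, action versions, Python version and the final `gh` step are assumptions.

```yaml
# Added example (not the errbot repository's own workflow).
name: CI

on:
  # `pull_request` runs fork PRs with a read-only token; the linked
  # "pwn requests" article covers why `pull_request_target` needs more care.
  pull_request:
  push:
    branches: [master]

# Workflow-level default: every job gets a read-only GITHUB_TOKEN unless it
# explicitly asks for more. Without this block the token falls back to the
# repository default, which may be read/write on every scope
# (equivalent to `permissions: write-all`, the setting to avoid).
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-latest
    # Inherits `contents: read` only: a compromised step in this job cannot
    # push commits, edit issues or pull requests, or touch releases.
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v3
        with:
          python-version: "3.10"   # assumed version
      - run: pip install tox && tox

  comment:
    runs-on: ubuntu-latest
    needs: test
    if: github.event_name == 'pull_request'
    # Only this job needs to write to pull requests, so the extra scope is
    # granted here, at job level, instead of widening the whole workflow.
    permissions:
      contents: read
      pull-requests: write
    steps:
      - env:
          GH_TOKEN: ${{ github.token }}
        run: gh pr comment "${{ github.event.pull_request.number }}" --body "Tests passed."
```

The job-level block replaces the workflow-level one rather than merging with it, so scopes a job still needs (here `contents: read`) must be repeated.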

sijis commented 2 years ago

@naveensrinivasan Thank you for adding this.

Would you be able to add a small entry to CHANGES.rst? I tried to update the PR but was unable to.

I had something like this

diff --git a/CHANGES.rst b/CHANGES.rst
index b3c07280..86bc7a4a 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -31,6 +31,7 @@ fixes:
 - chore: bump actions/setup-python from 2 to 3.1.0 (#1563)
 - fix: removed deprecated argument reconnection_interval for irc v20.0 (#1568)
 - docs: Add Gentoo packages (#1567)
+- chore: Set permissions for GitHub actions (#1565)

 v6.1.8 (2021-06-21)
 -------------------
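
Review bot: the added line under `fixes:` reads only "Set permissions for GitHub actions", which does not tell a changelog reader what actually changed or why; consider naming the effect, e.g. `- chore: restrict GITHUB_TOKEN permissions in GitHub Actions workflows (#1565)`, so the entry records that the workflow token is now least-privilege.
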
naveensrinivasan commented 2 years ago

chore: Set permissions for GitHub actions (#1565)

I took care of that. Thanks