goatandsheep / rc

The non-configurable configuration loader for lazy people.
https://www.npmjs.com/package/run-con

Set least privilege permissions for GitHub Workflow tokens #31

Closed gabibguti closed 2 years ago

gabibguti commented 2 years ago

Closes https://github.com/goatandsheep/rc/issues/29

As described in the issue, this PR sets minimum permissions for GITHUB_TOKEN in GitHub Workflows.

For the coverage workflow, we are setting all permissions to read because the job steps need no permissions. For the dependabot workflow, we are setting id-token to have write access because we need to get the GITHUB_TOKEN and issues to have write access because we need to create an issue. For the issue hunt workflow, we are setting id-token to have write access because we need to get the GITHUB_TOKEN and issues to have write access because we need to create a comment on an issue.
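
Added example, not part of the PR or the project's code: a small Python check that reads a workflow file's top-level `permissions` block and flags a missing block, `write-all`, or write scopes outside an allow-list. The sample workflows are constructed, the function names are hypothetical, and job-level `permissions` blocks are not inspected.

```python
import re

# Constructed sample workflows (not the repository's actual files).
SAMPLES = {
    "coverage.yml": "name: coverage\non: push\npermissions: read-all\njobs:\n  test: {}\n",
    "dependabot.yml": ("name: dependabot\non: pull_request\npermissions:\n"
                       "  id-token: write  # scopes named in the PR description\n"
                       "  issues: write\njobs:\n  triage: {}\n"),
    "legacy.yml": "name: legacy\non: push\njobs:\n  build: {}\n",
}

def top_level_permissions(text):
    """Return workflow-level permissions: dict of scopes, scalar string, or None if absent."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"permissions:\s*(.*)$", line)  # column 0 only, so job-level keys are skipped
        if not m:
            continue
        value = m.group(1).split("#")[0].strip()
        if value:
            return value  # scalar form such as read-all, write-all or {}
        scopes = {}
        for sub in lines[i + 1:]:
            if sub.strip() and not sub.startswith((" ", "\t")):
                break  # the next top-level key ends the mapping
            sm = re.match(r"\s+([\w-]+):\s*(read|write|none)\b", sub)
            if sm:
                scopes[sm.group(1)] = sm.group(2)
        return scopes
    return None

def audit(text, allowed_write=frozenset()):
    """Return a list of findings; an empty list means the top-level block passes."""
    perms = top_level_permissions(text)
    if perms is None:
        return ["no top-level permissions block; token uses the repository default"]
    if perms == "write-all":
        return ["write-all grants write access on every scope"]
    if isinstance(perms, str):
        return []  # read-all or {} grant no write access
    return [f"unexpected write scope: {scope}"
            for scope, level in sorted(perms.items())
            if level == "write" and scope not in allowed_write]

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, audit(body, allowed_write={"issues"}))
```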