Set only required token permissions for container image publishing

kashalls / kromgo

Easily expose preconfigured prometheus metrics to the outside using badges.

68 stars 3 forks source link

Set only required token permissions for container image publishing #4

Closed solidDoWant closed 9 months ago

solidDoWant commented 9 months ago

Set only the contents read and packages write perms to reduce the scope of a compromised token. The permissions still need to be reset/minimized in the repo settings.