Closed varunsh-coder closed 2 years ago
Hi, there was another PR to fix the upload of binaries to the releases. That's caused some conflicts in here unfortunately. If it's still a good idea, would you be able to rebase? If not, I can have a look myself.
Thanks!
I have resolved the conflict. Please let me know if you have any questions about the changes.
This PR adds specific permissions to the existing workflows under .github/workflows.
Background
I have implemented a GitHub App to automatically restrict permissions for the GITHUB_TOKEN in workflows. This is a security best practice as per the GitHub Actions hardening guide.
I am trying the App out on public repositories, by forking them, installing the App on the fork, and manually creating PRs with the fixed workflows. The App automatically fixes permissions when a PR is created that creates a new workflow, so feel free to install it for future workflows, or try it out on other repos.
I have manually reviewed the changes, and they do look good to me. If something looks off, please let me know. If you have feedback, would love to hear it. Thanks!
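An added example (not part of this PR and not the App's own code) of the kind of check a maintainer could run over `.github/workflows` to find jobs whose `GITHUB_TOKEN` is left at the repository default. It assumes block-style YAML with two-space indentation; the sample workflow and the function name `audit_permissions` are constructed for illustration.

```python
# Added example: flag jobs whose GITHUB_TOKEN is left at repository defaults.
# Assumes block-style YAML with two-space indentation (line-based, no YAML library).

# Constructed sample workflow, not taken from the repository in this PR.
UNRESTRICTED = """\
name: release
on:
  push:
    tags: ["v*"]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
  upload:
    runs-on: ubuntu-latest
    permissions:
      contents: write  # needed to attach binaries to a release
    steps:
      - run: gh release upload "$GITHUB_REF_NAME" dist/*
"""
# Same workflow with a read-only default for every job that sets nothing itself.
RESTRICTED = UNRESTRICTED.replace("jobs:\n", "permissions:\n  contents: read\njobs:\n", 1)


def audit_permissions(text):
    """Return a list of findings; an empty list means every job is restricted."""
    findings, jobs = [], {}      # jobs: name -> has its own permissions block
    top_level, section, job = False, None, None
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()          # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent, key = len(line) - len(line.lstrip()), line.strip()
        is_perm = key.startswith("permissions:")
        if indent == 0:
            section, job = key.split(":")[0], None
            top_level = top_level or is_perm
        elif section == "jobs" and indent == 2 and key.endswith(":"):
            job = key[:-1]
            jobs[job] = False
        elif section == "jobs" and indent == 4 and job and is_perm:
            jobs[job] = True
        if is_perm and indent in (0, 4) and key.endswith("write-all"):
            findings.append(f"{job or 'workflow'}: write-all grants every scope")
    if not top_level:            # no workflow-wide block, so check each job
        findings += [f"{name}: inherits default token permissions"
                     for name, ok in jobs.items() if not ok]
    return findings
```

In the constructed workflow only the `upload` job, which attaches binaries to a release, needs `contents: write`; the `build` job is the one reported until a workflow-level `permissions` block is added.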