search

rossjrw / pr-preview-action

GitHub Action that deploys a pull request preview to GitHub Pages, similar to Vercel and Netlify, and cleans up after itself.
https://github.com/marketplace/actions/deploy-pr-preview
MIT License
255 stars 39 forks source link

Restrict permissions of GitHub Actions #37

Open chvmvd opened 1 year ago

chvmvd commented 1 year ago

It appears that the default permissions on GITHUB_TOKEN have been changed to read-only. By default, we cannot use this action until we change the settings of Workflow permissions to Read and write permissions. However, Read and write permissions are too much for this action. I think it should be for contents and pull-requests only. JamesIves/github-pages-deploy-action requires write permission for contents and marocchino/sticky-pull-request-comment requires write permission for pull-requests.

This is my first contribution to OSS, so please let me know if I am wrong.

スクリーンショット 2023-04-09 10 48 32
netomi commented 7 months ago

You can assign permissions to jobs:

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs