shalzz / zola-deploy-action

GitHub Action for building a Zola site and deploying to GitHub Pages
MIT License

Document permissions setting for GITHUB_TOKEN #59

Closed azriel91 closed 1 year ago

azriel91 commented 1 year ago

Without this, the push will fail, but it is difficult to discover where to configure it.

shalzz commented 1 year ago

Hi, GITHUB_TOKEN is available by default on every repo with correct permissions. Are you sure this has changed?

azriel91 commented 1 year ago

Hm, I'm not sure if the default has changed, but the repo I newly created (first commit 2023-01-24) had it on the "Read repository contents and packages permissions" option.

Someone else encountered this (https://github.com/ad-m/github-push-action/issues/96#issuecomment-889984928), though it seems random -- maybe it depends on the last repository one has forked / created.

azriel91 commented 1 year ago

Heya, looks like GitHub changed the default: "Updating the default GITHUB_TOKEN permissions to read-only":

Previously, GitHub Actions gets a GITHUB_TOKEN with both read/write permissions by default whenever Actions is enabled on a repository. As a default, this is too permissive, so to improve security we would like to change the default going forward to a read-only token. You can still flip it to read/write if needed.

shalzz commented 1 year ago

Ok, I see. Thanks, merged!
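
The thread above concerns the repository-wide workflow permissions setting. The same write access can instead be granted per job in the workflow file, which keeps the read-only default for everything else. This is an added example, not taken from the pull request or the project; the workflow name, branch names and the `<pinned-ref>` placeholder are assumptions, and the `PAGES_BRANCH` and `TOKEN` variable names are assumed from the action's README.

```yaml
# Added example: least-privilege GITHUB_TOKEN for a Zola deploy job.
name: deploy-zola-site          # hypothetical workflow name

on:
  push:
    branches: [main]            # assumed default branch

# Default for every job in this file: read-only token,
# the same as GitHub's new repository default.
permissions:
  contents: read

jobs:
  build_and_deploy:
    runs-on: ubuntu-latest
    # Only this job gets a writable token, and only for repository
    # contents, which is what pushing to the Pages branch requires.
    # Without it the push fails under the read-only default.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
      - name: Build and deploy
        # Placeholder ref: pin to a release tag or commit SHA you have reviewed.
        uses: shalzz/zola-deploy-action@<pinned-ref>
        env:
          PAGES_BRANCH: gh-pages               # assumed target branch
          TOKEN: ${{ secrets.GITHUB_TOKEN }}   # variable name assumed from the README
```

With a `permissions` block in the workflow, the token's scope is set by the file itself rather than by the repository default, so the repository setting can stay on read-only.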