Skip to content
This repository has been archived by the owner on May 7, 2024. It is now read-only.

Minimum level of permissions #84

Open
PastaPastaPasta opened this issue Jul 16, 2021 · 2 comments
Open

Minimum level of permissions #84

PastaPastaPasta opened this issue Jul 16, 2021 · 2 comments

Comments

@PastaPastaPasta
Copy link

I'm attempting to utilize this action, while minimizing the scope of it's permissions. Currently the action file has

permissions:
  contents: read
  pull-requests: write
  issues: read
  # Enforce other not needed permissions are off
  actions: none
  checks: none
  deployments: none
  packages: none
  repository-projects: none
  security-events: none
  statuses: none

However, this doesn't work the action says This check was skipped

What are the minimum required permissions for this to work?
@varunsh-coder
Copy link

varunsh-coder commented Dec 2, 2021
edited

Hi @PastaPastaPasta I am collating security info for different GitHub Actions and added the min permissions for this Action to the knowledge base here. You can try to set min permissions for a workflow that uses this Action here. Do share your feedback. Thanks!

@laurentsimon
Copy link

I was looking for this! I think they should update their documentation to explain this

@laurentsimon laurentsimon mentioned this issue Dec 4, 2021
Open
@nrmancuso nrmancuso mentioned this issue Dec 10, 2021
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@PastaPastaPasta @varunsh-coder @laurentsimon