tools: add GitHub token permissions to label flaky-test issues #45308

Merged
merged 1 commit into from Dec 4, 2022


gabibguti
Contributor

Add minimum GITHUB_TOKEN permissions for label-flaky-test-issue.yml workflow.

Motivation: Setting minimum permissions on workflow's top level is good practice. Similar changes were previously discussed in #43743. Since label flaky-test issues workflow was recently added, this PR is a small update to restrict its permissions.


About me: I'm Gabriela and I work on behalf of Google and the OpenSSF suggesting supply-chain security changes :)

Signed-off-by: Gabriela Gutierrez gabigutierrez@google.com

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
@nodejs-github-bot
Collaborator

Review requested:

  • @nodejs/actions

@nodejs-github-bot nodejs-github-bot added the meta Issues and PRs related to the general management of the project. label Nov 3, 2022
@aduh95
Contributor

aduh95 commented Nov 3, 2022

Is read permission actually enough for labelling issues? That seems quite counterintuitive to me.

@gabibguti
Contributor Author

gabibguti commented Nov 7, 2022

> Is read permission actually enough for labelling issues? That seems quite counterintuitive to me.

No, you are right, it is not. The permission that allows labelling the issues is issues: write inside the job in line 12 of the unchanged file.

The contents: read permission before the job is to prevent this job and other jobs from "by default" being able to access the contents of the repository. Access to the contents of the repository means being able to create files, delete files, among other things.
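
An added example (not part of this PR or of the Node.js repository) that makes the distinction discussed above checkable: it reads a workflow and reports the GITHUB_TOKEN permissions each job ends up with. It assumes block-style YAML and GitHub's documented rules that a job-level `permissions` block replaces the workflow-level one and that scopes not listed in a block get no access; `SAMPLE`, `parse_permissions` and `effective_permissions` are names made up for this example.

```python
# Constructed workflow for illustration; not the project's label-flaky-test-issue.yml.
SAMPLE = """\
on: issues
permissions:
  contents: read
jobs:
  label:
    runs-on: ubuntu-latest
    permissions:
      issues: write
    steps: [{run: "echo label the issue"}]
  report:
    runs-on: ubuntu-latest
    steps: [{run: "echo no permissions block of its own"}]
"""

def parse_permissions(text):
    """Map job id -> permissions block (None if absent); key None is the workflow level."""
    found, in_jobs, job, job_indent, child = {}, False, None, None, None
    block, block_indent = None, -1          # permissions map currently being filled
    lines = (raw.split("#")[0].rstrip() for raw in text.splitlines())
    for line in filter(None, lines):        # skip blanks and comment-only lines
        indent = len(line) - len(line.lstrip())
        key, _, value = (part.strip() for part in line.strip().partition(":"))
        if block is not None and indent > block_indent:
            block[key] = value              # scope entry, e.g. issues: write
            continue
        block = None
        if indent == 0:
            in_jobs, job, job_indent = key == "jobs", None, None
        elif in_jobs and job_indent in (None, indent):
            job, job_indent, child = key, indent, None
            found[job] = None               # no block seen yet for this job
            continue
        if job is not None and child is None:
            child = indent                  # indentation of the job's own keys
        if key == "permissions" and (indent == 0 or (job and indent == child)):
            found[job] = {} if value in ("", "{}") else value  # map or read-all/write-all
            if value == "":
                block, block_indent = found[job], indent
    return found

def effective_permissions(text):
    """A job-level block replaces the workflow-level block; the two are not merged."""
    found = parse_permissions(text)
    top = found.pop(None, None)             # None: no workflow-level block at all
    return {job: (top if perms is None else perms) for job, perms in found.items()}
```

For `SAMPLE`, the `label` job ends up with only `issues: write`, while `report` falls back to the workflow-level `contents: read`. A value of `None` means neither level sets permissions, so the repository's default token permissions apply to that job.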

@aduh95 aduh95 added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. commit-queue Add this label to land a pull request using GitHub Actions. labels Dec 4, 2022
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Dec 4, 2022
@nodejs-github-bot nodejs-github-bot merged commit de696d7 into nodejs:main Dec 4, 2022
@nodejs-github-bot
Collaborator

Landed in de696d7

@gabibguti gabibguti deleted the workflow-permissions branch December 6, 2022 17:59
targos pushed a commit that referenced this pull request Dec 12, 2022
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
PR-URL: #45308
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>