actions-permissions
actions-permissions copied to clipboard
GitHubSecurityLab
GitHub token permissions Monitor and Advisor actions
The current code is unhelpful for various reasons: https://github.com/GitHubSecurityLab/actions-permissions/blob/3dcbd6bb270cd62b67703a6c1aef904ace6a3bf3/monitor/index.js#L76-L77 1. It generates markdown with a workflow snippet like: ### Minimal required permissions: ```yaml permissions: security-events: write pull-requests: read unknown: unknown...
We have multiple jobs running in docker containers like node. ```yaml jobs: myJob: runs-on: [self-hosted, linux] container: node:lts-bullseye steps: - uses: GitHubSecurityLab/actions-permissions/monitor@v1 with: config: ${{ vars.PERMISSIONS_CONFIG }} - ... ```...
This is right after using `actions-permissions`: ``` Run ruby/setup-ruby@v1 with: ruby-version: 3.0 bundler-cache: true env: NODE_EXTRA_CA_CERTS: /Users/mitmproxyuser/.mitmproxy/mitmproxy-ca-cert.pem REQUESTS_CA_BUNDLE: /Users/mitmproxyuser/.mitmproxy/mitmproxy-ca-cert.pem HEX_CACERTS_PATH: /Users/mitmproxyuser/.mitmproxy/mitmproxy-ca-cert.pem Modifying PATH Print Ruby version /Users/runner/hostedtoolcache/Ruby/3.0.6/x64/bin/ruby --version ruby 3.0.6p216...
Load the API_URL environment variable and use that instead of `api.github.com`. Since GHES will have its address as `https://custom.domain.com/api/v3`, we only need to add the domain name itself. Closes #8
adding `uses: GitHubSecurityLab/actions-permissions/monitor@v1` as the first jobs steps causes > docker: Error response from daemon: Get "https://registry-1.docker.io/v2/": x509: certificate signed by unknown authority.
Using the monitor action will fail to download the npm package [playwright](https://github.com/microsoft/playwright). (when `npm ci`) ``` npm ERR! Error: Request to https://playwright.azureedge.net/builds/chromium/1067/chromium-linux.zip timed out after 30000ms ``` https://github.com/korosuke613/homepage-2nd/actions/runs/5529064180/jobs/10086900069?pr=221 Full logs...
https://github.com/tspascoal-demo2/MyShuttle/actions/runs/5443639260/jobs/9900419190
I'm not sure if this is expected, but each time the action is ran, the setup.sh attempts to install but fails upon adding mitmproxyuser since it exists already. Since I...
I was taking a look at the actions with a view to maybe trying them out in GitHub Enterprise Server, but it _seems_ that the actions assume running in github.com...
I wanted to try the action, but a few weird bugs showed up. I was surprised to see mitmproxy used ! Sometimes the setup-python action fails completely, not sure if...
Metadata
Owner
Metadata
GitHub token permissions Monitor and Advisor actions