
chore: Set permissions for GitHub actions

nathannaveen opened this pull request 2 years ago • 1 comment

Restrict the GitHub token permissions only to the required ones; this way, even if attackers succeed in compromising your workflow, they won't be able to do much.

  • Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests

Signed-off-by: nathannaveen [email protected]

nathannaveen, Jun 07 '22 00:06
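The least-privilege `permissions` configuration the PR description is asking for, shown as an added example that is not part of this PR or of Ghost's own workflows. The workflow name, job names, trigger and commands are made up for illustration; the `permissions` key, the `contents` scope and the `read`/`write` values are GitHub's documented workflow syntax (see the two docs links above). The first YAML document is the weak form the Scorecard Token-Permissions check flags, the second is the hardened form.

```yaml
# BEFORE: no `permissions` key at all. Every job gets the repository's
# default GITHUB_TOKEN grant, which on many repositories is write access
# to most scopes. A compromised step (malicious dependency, script
# injection from an untrusted PR field, etc.) can push commits, publish
# packages or edit releases with that token.
name: ci                        # hypothetical workflow
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
---
# AFTER: a read-only default for the whole workflow, elevated only in the
# single job that must write, and only for the scope it needs. Once any
# scope is listed, every scope not listed is set to `none`.
name: ci                        # hypothetical workflow
on: [push, pull_request]

permissions:
  contents: read                # enough for actions/checkout; nothing else

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test

  release:
    needs: test
    if: startsWith(github.ref, 'refs/tags/v')
    runs-on: ubuntu-latest
    # A job-level `permissions` block replaces the workflow-level one for
    # this job; it is not merged with it. Every scope the job needs must
    # be repeated here, so the grant stays explicit and reviewable.
    permissions:
      contents: write           # create the GitHub release for the tag
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm run build
      - run: gh release create "$GITHUB_REF_NAME" dist/*
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

Two caveats worth keeping in mind when applying this: `permissions: {}` revokes every scope and is the right default for jobs that do not need the token at all, while the shorthands `read-all` and `write-all` grant every scope at that level and so `write-all` should never survive review. And scoping the token down limits the blast radius but does not remove the "pwn request" problem from the article linked above: a workflow that checks out and executes code from an untrusted pull request under an event that carries a write-capable token is still dangerous, and the token permissions are the second line of defence after not doing that.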

Codecov Report

Base: 52.92% // Head: 52.92% // Decreases project coverage by -0.00% ⚠️

Coverage data is based on head (6411b80) compared to base (5176aa8). Patch has no changes to coverable lines.

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #14970      +/-   ##
==========================================
- Coverage   52.92%   52.92%   -0.01%     
==========================================
  Files        1375     1375              
  Lines       89130    89130              
  Branches     9548     9548              
==========================================
- Hits        47173    47171       -2     
- Misses      40994    40995       +1     
- Partials      963      964       +1     
Impacted Files                              Coverage Δ
ghost/admin/app/helpers/gh-price-amount.js  44.44% <0.00%> (-22.23%) ↓

codecov[bot], Sep 01 '22 08:09

Note from our bot: Some changes have been requested on this pull request. Updating your code is great, but won't notify us, so please leave a comment so that we (and our bot) can see when you've made the changes. Thank you 🙏

github-actions[bot], Sep 29 '22 04:09

Closing for now as this is stale and outdated, but I have the issue tracked here: https://github.com/TryGhost/DevOps/issues/6

daniellockyer, Jun 20 '23 12:06