Ghost
chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if attackers succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests
Signed-off-by: nathannaveen [email protected]
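The kind of change the description above refers to, as an added example that is not taken from this pull request or from Ghost's workflows. The workflow name, job names and steps are hypothetical.

```yaml
# Hypothetical workflow file (constructed for illustration),
# e.g. .github/workflows/test.yml
name: Test
on:
  pull_request:
  push:
    branches: [main]

# Without a `permissions` key, GITHUB_TOKEN receives the repository or
# organization default, which may be read/write on every scope.
# Declaring the key at the top level applies it to all jobs, and every
# scope not listed here is set to `none`.
permissions:
  contents: read

jobs:
  unit-tests:
    runs-on: ubuntu-latest
    # No job-level block: inherits the read-only top-level setting.
    steps:
      - uses: actions/checkout@v4
      - run: yarn test   # hypothetical test command

  label-pr:
    runs-on: ubuntu-latest
    # A job-level block replaces the top-level one for this job only,
    # so the write scope is granted to the single job that needs it.
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: actions/labeler@v5
```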
Codecov Report
Base: 52.92% // Head: 52.92% // Decreases project coverage by -0.00% :warning:
Coverage data is based on head (6411b80) compared to base (5176aa8). Patch has no changes to coverable lines.
Additional details and impacted files
@@ Coverage Diff @@
## main #14970 +/- ##
==========================================
- Coverage 52.92% 52.92% -0.01%
==========================================
Files 1375 1375
Lines 89130 89130
Branches 9548 9548
==========================================
- Hits 47173 47171 -2
- Misses 40994 40995 +1
- Partials 963 964 +1
Impacted Files | Coverage Δ | |
---|---|---|
ghost/admin/app/helpers/gh-price-amount.js | 44.44% <0.00%> (-22.23%) | :arrow_down: |
Note from our bot: Some changes have been requested on this pull request. Updating your code is great, but won't notify us, so please leave a comment so that we (and our bot) can see when you've made the changes. Thank you 🙏
Closing for now as this is stale and outdated, but I have the issue tracked here: https://github.com/TryGhost/DevOps/issues/6