document permissions #83
Comments
|
It needs actions read as well, at least https://docs.github.com/en/rest/reference/permissions-required-for-github-apps#permission-on-actions have you tried it with a restricted token? would be interesting to see if actions read/write really was sufficient - then I'm sure a PR to the docs could work, @styfle has merged everything reasonable I've seen get proposed based on my last look through here while integrating it :-) |
|
I had more documentation earlier but I removed it for some reason, I can't remember why 🤔 |
|
probably because between then and now actions got access to the default token by putting it in the action.yaml so users were spared having to specify it. This is orthogonal though I think - it's about restricting that token to just the two perms of actions read/write and removing all the rest, which would be a nice way to reduce security surface area |
Yeh I think write includes read. Haven’t tried it yet (ref video-dev/hls.js#3874) but will report back if it works |
|
Looks like it worked. No errors in logs |
|
I have been using it with apparent success in our project: Being able to control the permission was the trigger to use this. Seeing this in documentation would be great. Thanks for this thread! |
|
Great, feel free to submit a PR to update the README 👍 |
It's possible to customise the
GITHUB_TOKENpermissions now. Would be great to document which permissions this action needs.I think it might be just
?
The text was updated successfully, but these errors were encountered: