Make WordPress Core


Ignore:
Timestamp:
05/03/2023 10:15:27 PM (17 months ago)
Author:
johnbillion
Message:

Build/Test Tools: Restrict the permissions granted to jobs on GitHub Actions

The permissions key in a job declares the GitHub permissions that are granted to the token that's used by the job. Restricting the permissions reduces the impact that a vulnerability in the CI system can have.

Props desrosj, johnbillion

See #57865

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/.github/workflows/failed-workflow.yml

    r55152 r55715  
    1212        type: 'string'
    1313
     14# Disable permissions for all available scopes by default.
     15# Any needed permissions should be configured at the job level.
     16permissions: {}
     17
    1418jobs:
    1519  # Attempts to rerun a workflow.
     
    2125    name: Rerun a workflow
    2226    runs-on: ubuntu-latest
     27    permissions:
     28      actions: write
    2329    timeout-minutes: 5
    2430
Note: See TracChangeset for help on using the changeset viewer.