Context Navigation

← Previous Change
Next Change →

test-old-branches.yml

Timestamp:

05/03/2023 10:15:27 PM (2 years ago)

Author:

johnbillion

Message:

Build/Test Tools: Restrict the permissions granted to jobs on GitHub Actions

The permissions key in a job declares the GitHub permissions that are granted to the token that's used by the job. Restricting the permissions reduces the impact that a vulnerability in the CI system can have.

Props desrosj, johnbillion

See #57865

File:

: 1 edited

trunk/.github/workflows/test-old-branches.yml (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/.github/workflows/test-old-branches.yml

-                      r55507
+                      r55715
     - cron: '0 0 15 * *'
+# Disable permissions for all available scopes by default.
+# Any needed permissions should be configured at the job level.
+permissions: {}
 jobs:
   dispatch-workflows-for-old-branches:
     name: ${{ matrix.workflow }} for ${{ matrix.branch }}
     runs-on: ubuntu-latest
+    permissions:
+      actions: write
     timeout-minutes: 20
     if: ${{ github.repository == 'WordPress/wordpress-develop' }}

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Make WordPress Core

Context Navigation

Changeset 55715 for trunk/.github/workflows/test-old-branches.yml

Legend:

trunk/.github/workflows/test-old-branches.yml

Download in other formats: