Make WordPress Core


Ignore:
Timestamp:
05/03/2023 10:15:27 PM (18 months ago)
Author:
johnbillion
Message:

Build/Test Tools: Restrict the permissions granted to jobs on GitHub Actions

The permissions key in a job declares the GitHub permissions that are granted to the token that's used by the job. Restricting the permissions reduces the impact that a vulnerability in the CI system can have.

Props desrosj, johnbillion

See #57865

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/.github/workflows/welcome-new-contributors.yml

    r55487 r55715  
    55    types: [ opened ]
    66
     7# Disable permissions for all available scopes by default.
     8# Any needed permissions should be configured at the job level.
     9permissions: {}
     10
    711jobs:
    812  # Comments on a pull request when the author is a new contributor.
    913  post-welcome-message:
    1014    runs-on: ubuntu-latest
     15    permissions:
     16      issues: write
    1117    timeout-minutes: 5
    1218    if: ${{ github.repository == 'WordPress/wordpress-develop' }}
Note: See TracChangeset for help on using the changeset viewer.