
Pull requests from public forks are still considered a special case and will receive a read token regardless of these settings. Any permission that is absent from the list will be set to none.

Setting permissions in the workflow

A new permissions key supported at the workflow and job level enables you to specify which permissions you want for the token. These new settings allow you to follow a principle of least privilege in your workflows. The token has write permissions to a number of API endpoints, except in the case of pull requests from forks, which are always read.
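A least-privilege layout using the permissions key at both levels, as an added example rather than a workflow from the original announcement. The workflow name, job names, the make target and the comment text are assumptions.

```yaml
# Hypothetical workflow file, e.g. .github/workflows/ci.yml (constructed example).
name: ci

on:
  pull_request:
  push:
    branches: [main]

# Workflow level: the default for every job below.
# Only "contents" is listed, so every other scope (issues, packages,
# pull-requests, ...) is set to none for the GITHUB_TOKEN.
permissions:
  contents: read

jobs:
  test:
    # Inherits the workflow-level block: read-only access to repository contents.
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make test

  comment:
    # Job level: this block replaces the workflow-level one for this job only,
    # so "contents" has to be listed again or it would be none here.
    permissions:
      contents: read
      pull-requests: write
    # Pull requests from forks receive a read token regardless of the block
    # above, so skip the job for them instead of letting the write call fail.
    if: >-
      github.event_name == 'pull_request' &&
      github.event.pull_request.head.repo.full_name == github.repository
    needs: test
    runs-on: ubuntu-latest
    steps:
      - name: Comment on the pull request
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GH_REPO: ${{ github.repository }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: gh pr comment "$PR_NUMBER" --body "Tests passed."
```

Scoping the write permission to the one job that needs it means a compromised step in the test job holds a token that can only read repository contents.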

Actions generates a new token for each job and expires the token when a job completes. The GITHUB_TOKEN is an automatically generated secret that lets you make authenticated calls to the GitHub API in your workflow runs.

GitHub Actions now lets you control the permissions granted to the GITHUB_TOKEN secret.
