Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add permissions section and integration job #110

Merged
merged 4 commits into from
Nov 2, 2023
Merged

Add permissions section and integration job #110

merged 4 commits into from
Nov 2, 2023

Conversation

stackptr
Copy link
Member

@stackptr stackptr commented Oct 30, 2023
edited
Loading

Adds a section in the README and an integration job to the CI workflow to motivate future uses of this template to specify the minimal permissions required to run the action. This is good to have when workflows are triggered by Dependabot or are otherwise run in repositories with less permissive defaults for workflow runs.

See also: freckle/commenter-action#401

@stackptr stackptr self-assigned this Oct 30, 2023
@stackptr stackptr force-pushed the corey/integration-test branch from 41e1744 to 5e7e851 Compare October 30, 2023 18:57
@stackptr stackptr marked this pull request as ready for review November 2, 2023 16:53
@stackptr stackptr requested a review from a team as a code owner November 2, 2023 16:53
@stackptr stackptr requested review from pbrisbin and removed request for a team November 2, 2023 16:53
stackptr
stackptr commented Nov 2, 2023
View reviewed changes
.github/workflows/ci.yml

integration:
runs-on: ubuntu-latest
permissions: {}
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This job should fail when an action using this template does anything more than checkout a repo (which works, incidentally, with no permissions, because it is a public repo).

pbrisbin
pbrisbin approved these changes Nov 2, 2023
View reviewed changes
README.md Outdated Show resolved Hide resolved
@stackptr stackptr merged commit 2d13f32 into main Nov 2, 2023
4 checks passed
@stackptr stackptr deleted the corey/integration-test branch November 2, 2023 21:33
@xave
Copy link

xave commented Nov 2, 2023

Please remove me from all these non-megarepo things. I have no further need for this information.

@xave
Copy link

xave commented Nov 2, 2023

Corey and Pat, it was a pleasure working with you both btw!

@pbrisbin
Copy link
Member

pbrisbin commented Nov 3, 2023

Likewise @xave.

I believe you getting notified of things you're not participating in is a you-side setting:

.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pbrisbin pbrisbin pbrisbin approved these changes

Assignees

@stackptr stackptr

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@stackptr @xave @pbrisbin