Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Set the GitHub Actions token permission to null in most workflows. This results in: GITHUB_TOKEN Permissions Metadata: read The default permissions, used without the null override, are either GITHUB_TOKEN Permissions Actions: write Checks: write Contents: write Deployments: write Discussions: write Issues: write Metadata: read Packages: write Pages: write PullRequests: write RepositoryProjects: write SecurityEvents: write Statuses: write or GITHUB_TOKEN Permissions Actions: read Checks: read Contents: read Deployments: read Discussions: read Issues: read Metadata: read Packages: read Pages: read PullRequests: read RepositoryProjects: read SecurityEvents: read Statuses: read Jobs triggered by PRs get read permissions, other jobs get write. One job require non-null permissions to function. The dependent issues GHA needs PR/issues write permissions to add/remove `dependent` labels. It needs status write permission to block/unblock PRs when dependencies are missing/met. Fails with HttpError otherwise. Signed-off-by: Daniel Farrell <[email protected]>
- Loading branch information
1 parent
7143e3a
commit 7ffe021