This repository has been archived by the owner on Jul 20, 2024. It is now read-only.

What permissions do the GitHub Actions need? #9

Open
h0x0er opened this issue Feb 7, 2022 · 2 comments

Comments

h0x0er commented Feb 7, 2022

This GitHub Action uses the GITHUB_TOKEN. Can you please tell me what permissions are used for this token? If the permissions are only used in certain conditions, e.g. when a certain input is specified, please share that info as well.

At https://github.com/step-security/secure-workflows we are building a knowledge-base (KB) of permissions needed by different GitHub Actions. When developers try to remediate ossf/Scorecards checks, they use the knowledge-base to secure their GitHub Workflows.

Here is an example of how we store KB for an Action:

name: "GH Release"
github-token:
  action-input:
    input: github_token
    is-default: true
  permissions:
    contents: write
    contents-reason: to create GitHub release #Reference: https://github.com/softprops/action-gh-release/blob/fe9a9bd3295828558c7a3c004f23f3bf77d155b2/README.md?plain=1#L70 

Related Issue:
step-security/secure-repo#271

dmudro commented May 18, 2023

Hi @h0x0er, were you able to find out about the permissions?

h0x0er commented May 18, 2023

Hi @dmudro,
Thanks for pinging. I was able to figure them out; you can check out this file to get info about permissions.
