ci: restrict permissions for on-failure job (@MohakGupta2004) #6092

Open
wants to merge 1 commit into
base: master

@MohakGupta2004 MohakGupta2004 commented Dec 4, 2024

Description

ci: restrict permissions for the on-failure job to enhance security

The on-failure job previously used permissions: write-all, granting overly permissive access. This commit updates the workflow to specify granular permissions (e.g., contents: read, pull-requests: write), adhering to the principle of least privilege and improving security.

Checks

  • Adding quotes?
    • Make sure to include translations for the quotes in the description (or another comment) so we can verify their content.
  • Adding a language or a theme?
    • If it is a language, did you edit _list.json, _groups.json and add languages.json?
    • If it is a theme, did you add the theme.css?
      • Also please add a screenshot of the theme, it would be extra awesome if you do so!
  • Check if any open issues are related to this PR; if so, be sure to tag them below.
  • Make sure the PR title follows the Conventional Commits standard. (https://www.conventionalcommits.org for more info)
  • Make sure to include your GitHub username prefixed with @ inside parentheses at the end of the PR title.

Closes #

ci: restrict permissions for the on-failure job to enhance security

The on-failure job previously used `permissions: write-all`, granting overly permissive access. This commit updates the workflow to specify granular permissions (e.g., `contents: read`, `pull-requests: write`), adhering to the principle of least privilege and improving security.
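
A check that would catch the blanket grant this PR removes, as an added example (not code from this PR or the project): it scans workflow YAML text for `permissions: write-all` at workflow or job level. The sample workflow, its second job name and the function name are constructed for illustration.

```python
import re

# Constructed sample workflow (not the project's real file): one job with the
# blanket grant, one with the granular scopes named in the PR description.
SAMPLE = """\
name: example
on: pull_request
jobs:
  on-failure:
    runs-on: ubuntu-latest
    permissions: write-all
    steps:
      - run: echo "label the PR"
  on-failure-fixed:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - run: echo "label the PR"
"""

# "key: value" lines; list items ("- run: ...") deliberately do not match.
KEY = re.compile(r"^(\s*)([A-Za-z0-9_-]+):\s*(.*?)\s*(?:#.*)?$")

def audit_permissions(text):
    """Return (line_no, job, value) for each blanket permissions grant.

    job is None for a workflow-level grant. This is a line-based scan, so it
    assumes block-style YAML with consistent indentation (hypothetical helper).
    """
    findings, in_jobs, job_indent, job = [], False, None, None
    for no, line in enumerate(text.splitlines(), 1):
        m = KEY.match(line)
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2)
        value = m.group(3).strip("'\"")
        if indent == 0:
            # A new top-level key ends (or starts) the jobs: section.
            in_jobs, job_indent, job = key == "jobs", None, None
        elif in_jobs:
            if job_indent is None:
                job_indent = indent  # first key under jobs: sets job depth
            if indent == job_indent:
                job = key
        if key == "permissions" and value == "write-all":
            findings.append((no, job, value))
    return findings
```

Running `audit_permissions` over each file in `.github/workflows/` in a PR check gives a list that should be empty before merge.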
@MohakGupta2004 (Author)

@Miodec

Miodec (Member) commented Dec 9, 2024

Trigger a build failure so we can test this (add something that will break to the frontend or backend).

Contributor

This PR is stale. Please trigger a re-run of the PR check action.

@github-actions github-actions bot added the Stale Has not been updated in a while label Dec 16, 2024
@Miodec Miodec added the waiting for update Pull requests or issues that require changes/comments before continuing label Dec 22, 2024