Skip to content

[GitHub] Add minimum token permissions for workflow #10749

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 4, 2022
Merged

[GitHub] Add minimum token permissions for workflow #10749

merged 1 commit into from
Sep 4, 2022

Conversation

@varunsh-coder
Copy link
Contributor

@varunsh-coder varunsh-coder commented Aug 24, 2022

Description

This PR adds minimum token permissions for the GITHUB_TOKEN in GitHub Actions workflow using https://github.com/step-security/secure-workflows.
All GitHub Actions workflows have a GITHUB_TOKEN with write access to multiple scopes.
Here is an example of the permissions in one of the workflows:
https://github.com/tensorflow/models/runs/7824930711?check_suite_focus=true#step:1:19

After this change, the scopes will be reduced to the minimum needed for the workflow.

Motivation

Signed-off-by: Varun Sharma [email protected]

Type of change

For a new feature or function, please create an issue first to discuss it
with us before submitting a pull request.

Note: Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • Documentation update
  • TensorFlow 2 migration
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • A new research paper code implementation
  • Other (Specify)

Improvement to the GitHub Actions workflow

Tests

No tests run. This is a standard configuration for workflows and does not affect rest of the code.

Test Configuration:

Checklist

@varunsh-coder varunsh-coder requested a review from a team as a code owner August 24, 2022 23:59
@varunsh-coder varunsh-coder mentioned this pull request Aug 25, 2022
Open
frederick0329
frederick0329 approved these changes Aug 25, 2022
View reviewed changes
Copy link
Contributor

@frederick0329 frederick0329 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@saberkun saberkun merged commit a90ef19 into tensorflow:master Sep 4, 2022
@ashishkurmi ashishkurmi mentioned this pull request Dec 21, 2022
Open
87 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@frederick0329 frederick0329 frederick0329 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@varunsh-coder @frederick0329 @saberkun