Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Modifying the permissions for the GITHUB_TOKEN" should use a callout box for "When the permissions key is used, all unspecified permissions are set to no access" #35810

Closed
1 task done
jsoref opened this issue Jan 2, 2025 · 3 comments · Fixed by #35967
Closed
1 task done

"Modifying the permissions for the GITHUB_TOKEN" should use a callout box for "When the permissions key is used, all unspecified permissions are set to no access" #35810

jsoref opened this issue Jan 2, 2025 · 3 comments · Fixed by #35967
Labels
actions This issue or pull request should be reviewed by the docs actions team content This issue or pull request belongs to the Docs Content team SME reviewed An SME has reviewed this issue/PR

Comments

@jsoref
Copy link
Contributor

jsoref commented Jan 2, 2025

Code of Conduct

What article on docs.github.com is affected?

https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token

What part(s) of the article would you like to see updated?

After:

You can use the permissions key in your workflow file to modify permissions for the GITHUB_TOKEN for an entire workflow or for individual jobs. This allows you to configure the minimum required permissions for a workflow or job.

Add a callout to the next bit:

Note

When the permissions key is used, all unspecified permissions are set to no access, with the exception of the metadata scope, which always gets read access.

Additional information

actions/deploy-pages#329 (comment)
actions/deploy-pages#329 (comment)
actions/deploy-pages#329 (comment)
@jsoref jsoref added the content This issue or pull request belongs to the Docs Content team label Jan 2, 2025
@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label Jan 2, 2025
@nguyenalex836
Copy link
Contributor

@jsoref Thank you for raising this issue! I'll get this triaged for review ✨ Our team will provide feedback regarding the best next steps for this issue - thanks for your patience! 💛

@nguyenalex836 nguyenalex836 added actions This issue or pull request should be reviewed by the docs actions team waiting for review Issue/PR is waiting for a writer's review and removed triage Do not begin working on this issue until triaged by the team labels Jan 2, 2025
@subatoi subatoi added the needs SME This proposal needs review from a subject matter expert label Jan 3, 2025
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jan 3, 2025

Thanks for opening an issue! We've triaged this issue for technical review by a subject matter expert 👀

@nguyenalex836
Copy link
Contributor

@jsoref Thank you for your patience while our SME team reviewed! They are in agreement regarding the addition of the new note you are proposing 💛

As there are already 2 note boxes in that section, we propose combining this note with the other note box:

Note

* Organization owners can prevent you from granting write access to the GITHUB_TOKEN at the repository level. For more information, see [Disabling or limiting GitHub Actions for your organization](https://docs.github.com/en/organizations/managing-organization-settings/disabling-or-limiting-github-actions-for-your-organization#setting-the-permissions-of-the-github_token-for-your-organization).

* <NEW NOTE GOES HERE>

Would you be willing to submit the PR for this update? We'll hold off on adding the help wanted label for now to give you a chance to submit the PR ✨

@nguyenalex836 nguyenalex836 added SME reviewed An SME has reviewed this issue/PR and removed waiting for review Issue/PR is waiting for a writer's review needs SME This proposal needs review from a subject matter expert labels Jan 16, 2025
@jsoref jsoref mentioned this issue Jan 16, 2025
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
actions This issue or pull request should be reviewed by the docs actions team content This issue or pull request belongs to the Docs Content team SME reviewed An SME has reviewed this issue/PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Promote warning about unspecified permissions to a call-out jsoref/github-docs
4 participants
@jsoref @subatoi @nguyenalex836 and others