Skip to content

ci: Add GitHub token permissions for workflows #46832

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
fabpot merged 1 commit into from
Jul 4, 2022
Merged

ci: Add GitHub token permissions for workflows #46832

fabpot merged 1 commit into from
Jul 4, 2022

Conversation

@varunsh-coder
Copy link
Contributor

@varunsh-coder varunsh-coder commented Jul 3, 2022
edited by nicolas-grekas
Loading

Q A
Branch? 4.4
Bug fix? no
New feature? no
Deprecations? no
Tickets -
License MIT
Doc PR -

This PR adds minimum token permissions for the GITHUB_TOKEN using https://github.com/step-security/secure-workflows.

GitHub recommends defining minimum GITHUB_TOKEN permissions for securing GitHub Actions workflows

This project is part of the top 100 critical projects as per OpenSSF (https://github.com/ossf/wg-securing-critical-projects), so fixing the token permissions to improve security.

Signed-off-by: Varun Sharma varunsh@stepsecurity.io

@carsonbot carsonbot added this to the 6.2 milestone Jul 3, 2022
@carsonbot
Copy link

carsonbot commented Jul 3, 2022

Hey!

I see that this is your first PR. That is great! Welcome!

Symfony has a contribution guide which I suggest you to read.

In short:

  • Always add tests
  • Keep backward compatibility (see https://symfony.com/bc).
  • Bug fixes must be submitted against the lowest maintained branch where they apply (see https://symfony.com/releases)
  • Features and deprecations must be submitted against the 6.2 branch.

Review the GitHub status checks of your pull request and try to solve the reported issues. If some tests are failing, try to see if they are failing because of this change.

When two Symfony core team members approve this change, it will be merged and you will become an official Symfony contributor!
If this PR is merged in a lower version branch, it will be merged up to all maintained branches within a few days.

I am going to sit back now and wait for the reviews.

Cheers!

Carsonbot

@varunsh-coder varunsh-coder mentioned this pull request Jul 3, 2022
Open
@carsonbot
Copy link

carsonbot commented Jul 4, 2022

Hey!

I think @rvanlaak has recently worked with this code. Maybe they can help review this?

Cheers!

Carsonbot

stof
stof reviewed Jul 4, 2022
View reviewed changes
@varunsh-coder varunsh-coder mentioned this pull request Jul 4, 2022
Closed
@nicolas-grekas nicolas-grekas modified the milestones: 6.2, 4.4 Jul 4, 2022
@fabpot fabpot changed the base branch from 6.2 to 4.4 July 4, 2022 19:53
@fabpot
Copy link
Member

fabpot commented Jul 4, 2022

Thank you @varunsh-coder.

@fabpot fabpot merged commit 6949721 into symfony:4.4 Jul 4, 2022
@varunsh-coder varunsh-coder mentioned this pull request Jul 28, 2022
Open
32 tasks
@ashishkurmi ashishkurmi mentioned this pull request Dec 21, 2022
Open
87 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stof stof stof left review comments

@fabpot fabpot fabpot approved these changes

@chalasr chalasr chalasr approved these changes

@lyrixx lyrixx Awaiting requested review from lyrixx

@yceruto yceruto Awaiting requested review from yceruto

@wouterj wouterj Awaiting requested review from wouterj

@dunglas dunglas Awaiting requested review from dunglas

@xabbuh xabbuh Awaiting requested review from xabbuh

+1 more reviewer

@ogizanagi ogizanagi ogizanagi approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

Status: Needs Review

Projects

None yet

Milestone

4.4

Development

Successfully merging this pull request may close these issues.

7 participants

@varunsh-coder @carsonbot @fabpot @stof @ogizanagi @chalasr @nicolas-grekas