From 38da1aabb1e17e3cbb2fd0d1250a227c95f84b59 Mon Sep 17 00:00:00 2001 From: "Adrien M. Bernede" Date: Wed, 2 Jun 2021 18:50:45 -0700 Subject: [PATCH 1/2] Mention permissions configuration in the README.md --- README.md | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7e5287cd..a90fb7f9 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,6 @@ jobs: # ... etc ``` - ### Advanced: Canceling Other Workflows In some cases, you may wish to avoid modifying all your workflows and instead create a new workflow that cancels your other workflows. This can be useful when you have a problem with workflows getting queued. @@ -121,6 +120,29 @@ jobs: access_token: ${{ github.token }} ``` +### Permissions control + +No change to permissions is required by default. The instructions below or for improved control over of those permissions. + +By default, Github creates the `GITHUB_TOKEN` for actions with some read/write permissions. It may be a good practice to switch to read-only permissions by default. Visit the [dedicated documentation page](https://docs.github.com/en/github/administering-a-repository/managing-repository-settings/disabling-or-limiting-github-actions-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository) for details. + +Permissions can be set in the workflow, globally or at job level, see the [reference manual page](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#permissions). `cancel-workflow-action` only requires write access to the `actions` scope, so it is enough to have: + +```yml +jobs: + test: + runs-on: ubuntu-latest + permissions: + actions: write + steps: + - name: Cancel Previous Runs + uses: styfle/cancel-workflow-action@0.9.0 + with: + access_token: ${{ github.token }} +``` + +_Note_ : This is typical when global access is set to be restrictive. Only this job will elevate those permissions. + ## Contributing - Clone this repo 
From 197c66f243fb8907de1b709f8068f5166f5c3f4a Mon Sep 17 00:00:00 2001 From: Adrien Bernede <51493078+adrienbernede@users.noreply.github.com> Date: Thu, 3 Jun 2021 09:35:07 -0700 Subject: [PATCH 2/2] Apply suggestions from code review Co-authored-by: Steven --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index a90fb7f9..deecd2d3 100644 --- a/README.md +++ b/README.md 
@@ -120,13 +120,13 @@ jobs: access_token: ${{ github.token }} ``` -### Permissions control +### Advanced: Token Permissions -No change to permissions is required by default. The instructions below or for improved control over of those permissions. +No change to permissions is required by default. The instructions below are for improved control over of those permissions. -By default, Github creates the `GITHUB_TOKEN` for actions with some read/write permissions. It may be a good practice to switch to read-only permissions by default. Visit the [dedicated documentation page](https://docs.github.com/en/github/administering-a-repository/managing-repository-settings/disabling-or-limiting-github-actions-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository) for details. +By default, GitHub creates the `GITHUB_TOKEN` for Actions with some read/write permissions. It may be a good practice to switch to read-only permissions by default. Visit the [dedicated documentation page](https://docs.github.com/en/github/administering-a-repository/managing-repository-settings/disabling-or-limiting-github-actions-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository) for details. -Permissions can be set in the workflow, globally or at job level, see the [reference manual page](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#permissions). `cancel-workflow-action` only requires write access to the `actions` scope, so it is enough to have: +Permissions can be set for all Jobs in a Workflow or a specific Job, see the [reference manual page](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#permissions). `cancel-workflow-action` only requires write access to the `actions` scope, so it is enough to have: ```yml jobs:
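Review bot: In PATCH 1/2, the added example under "Permissions control" (`permissions:` / `actions: write` on job `test`) should state that declaring any scope in a `permissions` block sets every scope not listed to `none`. A reader who copies the block into a job that also checks out the repository will then need `contents: read` next to `actions: write`. The closing `_Note_` line is the natural place for this. As written, "This is typical when global access is set to be restrictive" does not say what "This" refers to, and "Only this job will elevate those permissions" holds only when the default is read-only. Suggest rewording it to say that the job-level block replaces the repository or workflow default for this job only and that other jobs keep the default.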
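Review bot: In PATCH 2/2, the corrected `+No change to permissions is required by default. ...` line still reads "improved control over of those permissions"; drop the stray "of" so it reads "control over those permissions". On the `+Permissions can be set for all Jobs in a Workflow or a specific Job, see the ...` line, the comma before "see" joins two sentences, so a full stop or semicolon would read better. "Jobs" and "Workflow" could also stay lowercase, to match "create a new workflow that cancels your other workflows" earlier in the README.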