Skip to content

[BRE-1333] Implement least privilege for GitHub app token permissions#117

Open
gitclonebrian wants to merge 1 commit intomainfrom
BRE-1333/workflow-token-perms
Open

[BRE-1333] Implement least privilege for GitHub app token permissions#117
gitclonebrian wants to merge 1 commit intomainfrom
BRE-1333/workflow-token-perms

Conversation

@gitclonebrian
Copy link

@gitclonebrian gitclonebrian commented Nov 25, 2025
edited by atlassian bot
Loading

Ticket

BRE-1148

Description

Implement least privilege for GitHub app token permissions

  • Add workflow-level permissions: {} to remove default GITHUB_TOKEN permissions
  • Remove actions: write from deploy job (not used by GITHUB_TOKEN)
  • Add permission-actions: write to GitHub App token for workflow dispatch

@gitclonebrian
[cd.yml] Implement least privilege for GitHub Actions permissions
9ca0f38 
- Add workflow-level permissions: {} to remove default GITHUB_TOKEN permissions
- Remove actions: write from deploy job (not used by GITHUB_TOKEN)
- Add permission-actions: write to GitHub App token for workflow dispatch
@gitclonebrian gitclonebrian marked this pull request as ready for review November 25, 2025 02:23
@gitclonebrian gitclonebrian requested a review from a team as a code owner November 25, 2025 02:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@gitclonebrian