
Temporary action tokens have full write by default; you have to explicitly opt for a read-only version.

    > Read and write permissions
    > Workflows have read and write permissions in the repository for all scopes.

If you read this line of the documentation (https://docs.github.com/en/actions/security-for-github-actio...) you might think otherwise:

    > If the default permissions for the GITHUB_TOKEN are restrictive, you may have to elevate the permissions to allow some actions and commands to run successfully.

But I can confirm that in our GitHub organization "Read and write permissions" was the default, and thus that line of documentation makes no sense.
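
An added example, not part of the comment above: a small audit that lists the jobs in a workflow file that set no `permissions:` key and therefore run with whatever default the repository or organization has configured. The function name and the sample workflow are constructed for illustration, and the parser assumes block-style YAML with consistent indentation rather than handling full YAML.

```python
import re

# Constructed sample workflow (not from the original comment).
SAMPLE = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - run: echo release
"""

def jobs_without_explicit_permissions(workflow_text):
    """Return job ids that inherit the default GITHUB_TOKEN permissions.

    Hypothetical helper: line-based, assumes block-style YAML.
    """
    top_level_perms = False   # a workflow-level permissions: key covers every job
    in_jobs = False
    job_indent = child_indent = current = None
    jobs = {}                 # job id -> True if the job has its own permissions: key
    for line in workflow_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key = re.match(r"\s*([A-Za-z0-9_-]+):", line)
        if indent == 0:
            in_jobs = line.startswith("jobs:")
            top_level_perms = top_level_perms or line.startswith("permissions:")
            continue
        if not in_jobs or key is None:
            continue
        if job_indent is None:
            job_indent = indent           # indentation of the first job id
        if indent == job_indent:
            current, child_indent = key.group(1), None
            jobs[current] = False
        elif current is not None:
            if child_indent is None:
                child_indent = indent     # indentation of the job's direct keys
            if indent == child_indent and key.group(1) == "permissions":
                jobs[current] = True
    if top_level_perms:
        return []
    return [job for job, has_perms in jobs.items() if not has_perms]
```

On the sample, only `build` is reported; adding a workflow-level `permissions:` block (for example `contents: read`) clears the finding for every job.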


