Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Set proper permissions for github actions #17809

Merged
merged 4 commits into from Aug 4, 2021
Merged

Set proper permissions for github actions #17809

merged 4 commits into from Aug 4, 2021

Conversation

sgiehl
Copy link
Member

@sgiehl sgiehl commented Jul 23, 2021

Description:

Actually I'm not totally sure if the changes might be to restrictive or if we could restrict some actions a bit more. Maybe write access to pull requests/issues would not be needed, if only commits are added and no comments.

Note: Setting permissions to none would actually not be needed, as that's the default as soon as another permission is set. I left them in, so it's clear which permissions are available and set.

Review

  • Functional review done
  • Potential edge cases thought about (behavior of the code with strange input, with strange internal state or possible interactions with other Matomo subsystems)
  • Usability review done (is anything maybe unclear or think about anything that would cause people to reach out to support)
  • Security review done see checklist
  • Code review done
  • Tests were added if useful/possible
  • Reviewed for breaking changes
  • Developer changelog updated if needed
  • Documentation added if needed
  • Existing documentation updated if needed

@sgiehl sgiehl added c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org. Needs Review PRs that need a code review labels Jul 23, 2021
@sgiehl sgiehl added this to the 4.5.0 milestone Jul 28, 2021
Copy link
Member

@diosmosis diosmosis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

makes sense

@sgiehl
Copy link
Member Author

sgiehl commented Aug 4, 2021

I'll merge this now. If any action fails in the future we can check if the permissions are too restrictive later...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. Needs Review PRs that need a code review not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants