Add permissions
Limit the scope of GITHUB_TOKEN to only have write access to packages and read access to metadata. By default it seems to be granted access equal to that of the github.actor that triggered the workflow, which may include access to more than the workflow needs. Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
This commit is contained in:
Gabriel Adrian Samfira
parent
c6d26f0d37
commit
323a62d7b9
3
.github/workflows/build-test-images.yml
vendored
3
.github/workflows/build-test-images.yml
vendored
@ -19,6 +19,9 @@ on:
|
||||
required: true
|
||||
default: westeurope
|
||||
|
||||
permissions:
|
||||
packages: write
|
||||
|
||||
env:
|
||||
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUB_ID }}
|
||||
DEFAULT_ADMIN_USERNAME: azureuser
|
||||
|
||||
Loading…
Reference in New Issue
Block a user