Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify How the permissions are calculated for a workflow job #32398

Open
1 task done
jsoref opened this issue Apr 5, 2024 · 1 comment
Open
1 task done

Clarify How the permissions are calculated for a workflow job #32398

jsoref opened this issue Apr 5, 2024 · 1 comment
Labels
actions This issue or pull request should be reviewed by the docs actions team content This issue or pull request belongs to the Docs Content team waiting for review Issue/PR is waiting for a writer's review

Comments

@jsoref
Copy link
Contributor

jsoref commented Apr 5, 2024

Code of Conduct

What article on docs.github.com is affected?

https://docs.github.com/en/actions/security-guides/automatic-token-authentication#how-the-permissions-are-calculated-for-a-workflow-job

What part(s) of the article would you like to see updated?

Finally,
if the workflow was triggered by a pull request from a forked repository,
and the Send write tokens to workflows from pull requests setting is not selected,
the permissions are adjusted to change any write permissions to read only.

Should be changed to say clarify that if the workflow was triggered by a pull request and the job event is pull_request_target then write permissions will not be changed to read only.

I'm still recovering from a concussion, but here's my first attempt at fixing this text:

Finally,
if the workflow was triggered for the pull_request event (and not the pull_request_target event) by a pull request from a forked repository,
and the Send write tokens to workflows from pull requests setting is not selected,
the permissions are adjusted to change any write permissions to read only.

Additional information

No response
@jsoref jsoref added the content This issue or pull request belongs to the Docs Content team label Apr 5, 2024
@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label Apr 5, 2024
@nguyenalex836 nguyenalex836 added actions This issue or pull request should be reviewed by the docs actions team waiting for review Issue/PR is waiting for a writer's review and removed triage Do not begin working on this issue until triaged by the team labels Apr 5, 2024
@nguyenalex836
Copy link
Contributor

@jsoref Sorry to hear about the concussion 💛 I'll get this triaged for review ✨

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
actions This issue or pull request should be reviewed by the docs actions team content This issue or pull request belongs to the Docs Content team waiting for review Issue/PR is waiting for a writer's review
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jsoref @nguyenalex836