-
Notifications
You must be signed in to change notification settings - Fork 6.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Scope down workflow permissions #12973
Scope down workflow permissions #12973
Conversation
748b41b
to
75bf7f8
Compare
@jaykorean has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator. |
@jaykorean has updated the pull request. You must reimport the pull request before landing. |
@jaykorean has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The nightly jobs are probably not triggered by this PR?
@cbi42 Correct. It is scheduled by cron ( |
I see. We can monitor the next run just to make sure. |
@jaykorean merged this pull request in 0082907. |
Summary
Followed instruction per https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#defining-access-for-the-github_token-scopes
It turns out that we did not need any of these except
Metadata: read
.Before
After
Test Plan
GitHub Actions triggered by this PR