Replies: 4 comments 2 replies
-
I finally found the settings by myself. In organization settings, there is a Workflow permissions option. |
Beta Was this translation helpful? Give feedback.
-
I have the same problem and could change the default permissions in the organization settings. But I don't want to. I want to have the restricted default permissions and make use of the YAML's job "permissions". And the "Workflow permissions" section in both the organization and repo settings states that "You can specify more granular permissions in the workflow using YAML.". Apparently, I can not. Furthermore, I checked the docs that "specifying more granular permissions" is not limited to further restricting permissions. According to the docs it should be possible to elevate permissions: "You can modify the permissions for the GITHUB_TOKEN in individual workflow files. If the default permissions for the GITHUB_TOKEN are restrictive, you may have to elevate the permissions to allow some actions and commands to run successfully." [1] Is there something different with organization default permissions? Are they an upper permission limit? |
Beta Was this translation helpful? Give feedback.
-
Okay, so I'm not sure if this is a bug, but I think it has something to do with me using nested workflows. This is my setup: main workflow sub workflow 2: When requesting the permissions for "sub job 2" directly, I get the aforementioned error. When requesting them for the "main job 2", I do not. This is still not exactly what I want but much better than relaxing the organizational settings. |
Beta Was this translation helpful? Give feedback.
-
The safe way to do this is to elevate the permissions when calling the workflow: jobs:
call-workflow:
permissions:
id-token: write
uses: org/workflows/.github/workflows/workflow.yml@<sha256> See https://github.com/8hobbies/react-autonumeric/blob/bb7ac1f5f29138a80d5d00f2e51c32acb673ce29/.github/workflows/pages.yml#L25-L27 for a live example. |
Beta Was this translation helpful? Give feedback.
-
Select Topic Area
Question
Body
Hello all,
This weekend, I enabled github enterprise trial but it kill all our github actions workflows, we cancel the trial to come back to the team subscription level and see if it's better, but that's not.
Actually all the workflows stopped because of permissions issues, like :
I guess something that need to be optin on old organizations, has been automatically opt-in while changing subscriptions level.
Is there a way to opt-out for this settings ? Because we have so many workflows to fix because of that, that this is really depressing :/
Thanks a lot for your answers,
Matthieu
Beta Was this translation helpful? Give feedback.
All reactions