Modify GitHub Actions workflow #74

@jprestop

Describe the Task

On 4/21/25, NCAR public GitHub repositories received an email about changes in the GitHub organization. We need to modify our current workflow in order to comply with these changes.

Due to “GitHub Token permissions will follow least privileged access guidelines and provide only the required permissions scope needed for the workflow.”, we should explicitly specify permissions at the workflow or job level to help ensure that even if a workflow is compromised, the potential damage is limited to only the explicitly permitted actions.

permissions:
  contents: read      # Only read repository contents
  actions: read       # Required for using 'actions/upload-artifact'
  pull-requests: read  # For workflows triggered by pull requests
  # Other permissions set to none by default

We likely need to apply these changes to main_v3.0 as well. Discuss with the team.

Time Estimate

< 1 day

Relevant Deadlines

May 8, 2025

New Parameters

NONE

Technical References

NONE

Define the Metadata

Assignee

  • Assign this Task to the appropriate person

Labels

  • Select pillar
  • Select priority
  • Select requestor(s)
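
A check for the change requested above, as an added example that is not part of the original issue or the repository's code: it lists the jobs in a workflow file that declare no `permissions:` at either the workflow or the job level. It is a line-based scan that assumes space-indented, block-style YAML; the sample workflows and the function name `audit_workflow` are constructed for illustration.

```python
import re

# Constructed sample workflow (not taken from the NCAR repository).
UNSCOPED = """\
name: build
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
  docs:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
"""
# The same workflow with the permissions block from the issue, and with write-all.
SCOPED = "permissions:\n  contents: read\n  actions: read\n  pull-requests: read\n" + UNSCOPED
BROAD = "permissions: write-all\n" + UNSCOPED

# "<indent><key>: <value>  # comment"; list items ("- uses: ...") do not match.
KEY = re.compile(r"^( *)([A-Za-z0-9_-]+):\s*([^#]*?)\s*(#.*)?$")

def audit_workflow(text):
    """Return findings for jobs whose GITHUB_TOKEN scope is never declared."""
    findings, jobs, top_level, in_jobs = [], {}, False, False
    job_indent = prop_indent = current = None
    for line in text.splitlines():
        m = KEY.match(line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        if indent == 0:
            in_jobs = key == "jobs"
            if key == "permissions":
                top_level = True
                if value == "write-all":
                    findings.append("workflow: permissions is write-all")
        elif in_jobs:
            job_indent = indent if job_indent is None else job_indent
            if indent == job_indent:          # a job id directly under jobs:
                current, prop_indent, jobs[key] = key, None, False
            else:                             # a key somewhere inside that job
                prop_indent = indent if prop_indent is None else prop_indent
                if indent == prop_indent and key == "permissions":
                    jobs[current] = True
    if not top_level:                         # jobs inherit the repository default
        findings += [f"job '{j}': no permissions at workflow or job level"
                     for j, scoped in jobs.items() if not scoped]
    return findings
```
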
