[llvm] [libc++][Github] Remove workflow-scoped write permissions (PR #126447)
Aiden Grossman via llvm-commits
llvm-commits at lists.llvm.org
Sun Feb 9 16:17:54 PST 2025
https://github.com/boomanaiden154 created https://github.com/llvm/llvm-project/pull/126447
This patch removes the workflow-scoped package write permissions in the libcxx-build-containers workflow. The relevant permissions are already present in the job, so this raises the potential for new jobs being added to the workflow that do not need the permissions but having them anyways. Not having workflow-scoped write permissions is security best practice.
Fixes #126230.
>From a7c5b22d065fd73b8f94e98eebc5a6aa07036003 Mon Sep 17 00:00:00 2001
From: Aiden Grossman <aidengrossman at google.com>
Date: Mon, 10 Feb 2025 00:15:34 +0000
Subject: [PATCH] [libc++][Github] Remove workflow-scoped write permissions
This patch removes the workflow-scoped package write permissions in the
libcxx-build-containers workflow. The relevant permissions are already
present in the job, so this raises the potential for new jobs being
added to the workflow that do not need the permissions but having them
anyways. Not having workflow-scoped write permissions is security best
practice.
Fixes #126230.
---
.github/workflows/libcxx-build-containers.yml | 1 -
1 file changed, 1 deletion(-)
diff --git a/.github/workflows/libcxx-build-containers.yml b/.github/workflows/libcxx-build-containers.yml
index 2d040f712ce592b..bb4bd8843772fba 100644
--- a/.github/workflows/libcxx-build-containers.yml
+++ b/.github/workflows/libcxx-build-containers.yml
@@ -9,7 +9,6 @@ name: Build Docker images for libc++ CI
permissions:
contents: read
- packages: write
on:
push:
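Review bot: With `packages: write` removed from the top-level `permissions:` block (the deleted line after `contents: read`), publishing the images depends entirely on the job-level permissions, which this hunk does not show. Please confirm that the job which pushes the images declares `packages: write` itself. A job-level `permissions:` block replaces the workflow-level one rather than merging with it, so that job also needs its own `contents: read` if it checks out the repository. Separately, in the commit message "so this raises the potential" reads as though the patch raises the risk; consider rewording it so that it is clearly the workflow-scoped grant that does.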