Least Privilege in GitHub Actions
·1 min
In GitHub Actions it’s possible to remove all permissions from the token at the workflow level and then assign them on the job level:
name: Release
permissions: {} # No permissions
on:
push:
branches:
- main
jobs:
release:
permissions:
contents: write
packages: write
id-token: write