[PR #3155] [MERGED] Set least privileged token permission for GitHub Actions #4691

New issue

Closed

opened 2026-05-05 14:46:53 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented 2026-05-05 14:46:53 -06:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/fatedier/frp/pull/3155
Author: @ashishkurmi
Created: 10/31/2022
Status: ✅ Merged
Merged: 10/31/2022
Merged by: @fatedier

Base: dev ← Head: dev

---

📝 Commits (1)

• 85397ed Set least privileged token permission for GitHub Actions

📊 Changes

3 files changed (+12 additions, -0 deletions)

View changed files

📝 .github/workflows/build-and-push-image.yml (+3 -0)
📝 .github/workflows/goreleaser.yml (+3 -0)
📝 .github/workflows/stale.yml (+6 -0)

📄 Description

Other than golangci-lint.yml, all other GitHub Actions workflow files have elevated token permissions as demonstrated by the following workflow execution logs.
https://github.com/fatedier/frp/actions/runs/3334432128/jobs/5517384845#step:1:19

This PR mitigates this issue. In addition to this PR, you should consider setting the following permission so that new workflow files will default to read-only permissions
https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository

Signed-off-by: Ashish Kurmi akurmi@stepsecurity.io

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/fatedier/frp/pull/3155 **Author:** [@ashishkurmi](https://github.com/ashishkurmi) **Created:** 10/31/2022 **Status:** ✅ Merged **Merged:** 10/31/2022 **Merged by:** [@fatedier](https://github.com/fatedier) **Base:** `dev` ← **Head:** `dev` --- ### 📝 Commits (1) - [`85397ed`](https://github.com/fatedier/frp/commit/85397edcc4398fb94572140823d68f9f2645e7e6) Set least privileged token permission for GitHub Actions ### 📊 Changes **3 files changed** (+12 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/build-and-push-image.yml` (+3 -0) 📝 `.github/workflows/goreleaser.yml` (+3 -0) 📝 `.github/workflows/stale.yml` (+6 -0) </details> ### 📄 Description Other than `golangci-lint.yml`, all other GitHub Actions workflow files have elevated token permissions as demonstrated by the following workflow execution logs. https://github.com/fatedier/frp/actions/runs/3334432128/jobs/5517384845#step:1:19 This PR mitigates this issue. In addition to this PR, you should consider setting the following permission so that new workflow files will default to read-only permissions https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository#setting-the-permissions-of-the-github_token-for-your-repository Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

gitea-mirror 2026-05-05 14:46:53 -06:00

• closed this issue
• added the
  pull-request
  label

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

dev

new

master

copilot/review-pull-request-5198

v0.68.1

v0.68.0

v0.67.0

v0.66.0

v0.65.0

v0.64.0

v0.63.0

v0.62.1

v0.62.0

v0.61.2

v0.61.1

v0.61.0

v0.60.0

v0.59.0

v0.58.1

v0.58.0

v0.57.0

v0.56.0

v0.55.1

v0.55.0

v0.54.0

v0.53.2

v0.53.1

v0.53.0

v0.52.3

v0.52.2

v0.52.1

v0.52.0

v0.51.3

v0.51.2

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.1

v0.46.0

v0.45.0

v0.44.0

v0.43.0

v0.42.0

v0.41.0

v0.40.0

v0.39.1

v0.39.0

v0.38.0

v0.37.1

v0.37.0

v0.36.2

v0.36.1

v0.36.0

v0.35.1

v0.35.0

v0.34.3

v0.34.2

v0.34.1

v0.34.0

v0.33.0

v0.32.1

v0.32.0

v0.31.2

v0.31.1

v0.31.0

v0.30.0

v0.29.1

v0.29.0

v0.28.2

v0.28.1

v0.28.0

v0.27.1

v0.27.0

v0.26.0

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.3

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.0

v0.19.1

v0.19.0

v0.18.0

v0.17.0

v0.16.1

v0.16.0

v0.15.1

v0.15.0

v0.14.1

v0.14.0

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.1

v0.8.0

v0.7.0

v0.6.0

v0.5.0

v0.3.0

v0.2.0

v0.1.0

Labels

Clear labels   

In Progress

  

WIP

  

WaitingForInfo

  

bug

  

doc

  

duplicate

  

easy

  

enhancement

  

future

  

help wanted

  

invalid

  

lifecycle/stale

  

need-issue-template

  

need-usage-help

  

no plan

  

proposal

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

todo

No labels

In Progress

WIP

WaitingForInfo

bug

doc

duplicate

easy

enhancement

future

help wanted

invalid

lifecycle/stale

need-issue-template

need-usage-help

no plan

proposal

pull-request

question

todo

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#4691

No description provided.