Skip to content

Update security-hardening-for-github-actions.md #3706

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Mar 4, 2021
Merged

Update security-hardening-for-github-actions.md #3706

merged 3 commits into from
Mar 4, 2021

Conversation

fuxingloh
Copy link
Contributor

@fuxingloh fuxingloh commented Feb 15, 2021
edited
Loading

Why:

Confusing statement, shouldn't it be {% data variables.product.prodname_actions %} instead of {% data variables.product.product_name %}?

What's being changed:

https://docs-3706--patch-1.herokuapp.com/en/actions/learn-github-actions/security-hardening-for-github-actions#considering-cross-repository-access

Before: GitHub is intentionally scoped for a single repository at a time. The GITHUB_TOKEN grants the same level of access as a write-access user, because any write-access user can access this token by creating or modifying workflow files.

After: GitHub Actions is intentionally scoped for a single repository at a time. The GITHUB_TOKEN grants the same level of access as a write-access user, because any write-access user can access this token by creating or modifying workflow files.

Check off the following:

@fuxingloh
Update security-hardening-for-github-actions.md
150f897 
Confusing statement, shouldn't it be {% data variables.product.prodname_actions %} instead of {% data variables.product.product_name %}?
@welcome
Copy link

welcome bot commented Feb 15, 2021

Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

@janiceilene
Copy link
Contributor

@fuxingloh Thanks so much for opening a PR! I'll get this triaged for review ⚡

@janiceilene janiceilene added actions This issue or pull request should be reviewed by the docs actions team content This issue or pull request belongs to the Docs Content team waiting for review Issue/PR is waiting for a writer's review labels Feb 17, 2021
@shati-patel shati-patel self-assigned this Mar 4, 2021
shati-patel
shati-patel approved these changes Mar 4, 2021
View reviewed changes
Copy link
Contributor

@shati-patel shati-patel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for fixing this, @fuxingloh! Much appreciated 😃

I'll get this merged shortly.

@shati-patel shati-patel enabled auto-merge (squash) March 4, 2021 12:08
@shati-patel shati-patel added ready to merge This pull request is ready to merge and removed waiting for review Issue/PR is waiting for a writer's review labels Mar 4, 2021
@shati-patel
Copy link
Contributor

shati-patel commented Mar 4, 2021
edited
Loading

We're looking at the Browser Test failure internally, we can ignore it for now!

@shati-patel shati-patel merged commit 77f5768 into github:main Mar 4, 2021
@fuxingloh fuxingloh deleted the patch-1 branch March 8, 2021 10:34
@ryan-ally ryan-ally mentioned this pull request Sep 20, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shati-patel shati-patel shati-patel approved these changes

Assignees

@shati-patel shati-patel

Labels
actions This issue or pull request should be reviewed by the docs actions team content This issue or pull request belongs to the Docs Content team ready to merge This pull request is ready to merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fuxingloh @janiceilene @shati-patel