
[Engineering Task] Update GitHub Actions Workflows for GITHUB_TOKEN Permission Changes #653

@gladjohn

Type of task?
Builds

Description
Validate all GitHub Actions workflows in all our Open Source GitHub repositories to accommodate the upcoming changes in GITHUB_TOKEN permissions, effective February 1, 2024.

Starting February 1, 2024, the default permission for the GITHUB_TOKEN in GitHub Actions workflows will change from Read/Write to Read-only. This change aims to enhance security by enforcing least privilege access and aligning with Digital Security & Resilience (DSR) requirements.

Impact: Workflows that require the GITHUB_TOKEN for write operations or for accessing repository secrets will break unless updated with an explicit permissions block.

Solution
Identify all workflows in your repositories that utilize the GITHUB_TOKEN. Determine whether these workflows perform write operations or access repository secrets.

More info here: https://docs.opensource.microsoft.com/github/apps/permission-changes/
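The audit described under Solution can be scripted. The following is an added example, not part of the original issue or of the repository's code: it lists, per workflow file, whether the file references the token explicitly and which jobs have no `permissions` key at job or workflow level. The function names and the sample workflow are constructed for illustration, and the line-based parse assumes block-style YAML indented with spaces.

```python
import re
from pathlib import Path

TOKEN_REF = re.compile(r"secrets\.GITHUB_TOKEN|github\.token")
KEY = re.compile(r"^( *)([A-Za-z0-9_-]+):")  # mapping keys only, not "- item" lines

def audit_workflow(text):
    """Return (references_token, job ids with no explicit permissions)."""
    top_perms = in_jobs = False
    job_indent = child_indent = current = None
    jobs = {}  # job id -> True once a job-level permissions key is seen
    for m in filter(None, map(KEY.match, text.splitlines())):
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            in_jobs, current = key == "jobs", None
            top_perms = top_perms or key == "permissions"
        elif in_jobs:
            job_indent = indent if job_indent is None else job_indent
            if indent == job_indent:  # a new job id
                current, child_indent = key, None
                jobs[key] = False
            elif current is not None:
                child_indent = indent if child_indent is None else child_indent
                if indent == child_indent and key == "permissions":
                    jobs[current] = True
    # A workflow-level permissions key covers every job in the file.
    unscoped = [] if top_perms else [j for j, ok in jobs.items() if not ok]
    return bool(TOKEN_REF.search(text)), unscoped

def audit_repo(root="."):
    """Map each workflow file under root to its audit_workflow() result."""
    files = sorted((Path(root) / ".github" / "workflows").glob("*.y*ml"))
    return {str(f): audit_workflow(f.read_text(encoding="utf-8")) for f in files}

# Constructed sample: "release" writes with the token but declares no permissions.
SAMPLE = """\
jobs:
  test:
    permissions:
      contents: read
    steps:
      - run: make test
  release:
    steps:
      - run: GH_TOKEN=${{ secrets.GITHUB_TOKEN }} gh release create v1
"""

if __name__ == "__main__":
    print(audit_repo())
```

Actions that consume the token implicitly are not matched by the explicit-reference check, so a job listed as unscoped still needs review even when the first field is `False`.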
