Merge 8d131b7299 into 65c4c4a1dd

Add Recommended Permissions
To reduce risk of over-privileged tokens, we are adding recommended permissions to popular GitHub-owned Actions READMEs
2025-12-06 08:27:53 +01:00 · 2025-01-22 02:29:20 +00:00 · 2025-01-21 21:28:37 -05:00
1 changed files with 8 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -478,3 +478,11 @@ At the bottom of the workflow summary page, there is a dedicated section for art
 There is a trashcan icon that can be used to delete the artifact. This icon will only appear for users who have write permissions to the repository.

 The size of the artifact is denoted in bytes. The displayed artifact size denotes the size of the zip that `upload-artifact` creates during upload.
+
+# Recommended Permissions
+
+The `actions/upload-artifact` workflow relies on an internal authentication pattern and does not use the GITHUB_TOKEN, to reduce risk of over-privileged token, jobs that use `actions/upload-artifact` should set permissions to none:
+
+```yaml
+permissions: {}
+```
Author	SHA1	Message	Date
Kylie Stradley	a82652c49a	Merge `8d131b7299` into `65c4c4a1dd`	2025-01-22 02:29:20 +00:00
Kylie Stradley	8d131b7299	Add Recommended Permissions To reduce risk of over-privileged tokens, we are adding recommended permissions to popular GitHub-owned Actions READMEs	2025-01-21 21:28:37 -05:00