kbendick opened a new pull request #3007: URL: https://github.com/apache/iceberg/pull/3007
According to [the docs on Permissions for the GITHUB_TOKEN](https://docs.github.com/en/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token), the GITHUB_TOKEN that's generated for each run of a workflow has a specific set of permissions associated to it. These permissions can be defined more granularly, to reduce the scope of the things the workflow can touch. To test this out, I'm using the permissions given in the example provided on the same page. This partially closes the following issue issue https://github.com/apache/iceberg/issues/3006, though we should consider adding this to all workflows that use GITHUB_TOKEN. For reference, I've tested this by merging it into my fork and ensuring that a new PR can still label (and update labels) as expected: https://github.com/kbendick/iceberg/pull/55 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
