actions/download-artifact
1
0
Fork 0
mirror of https://github.com/actions/download-artifact.git synced 2025-01-29 09:29:42 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add Recommended Permissions

Browse source 
To reduce risk of over-privileged tokens, we are adding recommended permissions to popular GitHub-owned Actions READMEs
This commit is contained in:
Kylie Stradley 2025-01-21 21:30:55 -05:00 committed by GitHub
parent 7fba95161a
commit 86f43ed3c7
WARNING! Although there is a key with this ID in the database it does not verify this commit! This commit is SUSPICIOUS.
GPG key ID: B5690EEEBB952194
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
README.md
View file

@ -251,3 +251,10 @@ If you must preserve permissions, you can `tar` all of your files together befor
name: my-artifact
path: my_files.tar
```
# Recommended Permissions
The `actions/download-artifact` workflow relies on an internal authentication pattern and does not use the GITHUB_TOKEN, to reduce risk of over-privileged token, jobs that use `actions/download-artifact` should set permissions to none:
```yaml
perm