GitHub-Bitwarden
/
self-host
mirror of https://github.com/bitwarden/self-host.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Add suggestions for scoping down permissions on the app tokens

pull/431/head
Vince Grassia 2 weeks ago
parent
352e509784
commit
44e3441d35
No known key found for this signature in database
GPG Key ID: 9AD7505E8448CC08
2 changed files with 3 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      .github/workflows/build-bitwarden-lite.yml
  2. 1
      .github/workflows/release.yml

2
.github/workflows/build-bitwarden-lite.yml
Unescape View File

@ -152,6 +152,8 @@ jobs:
with: with:
app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }} app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }} private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
permission-actions: read # for downloading workflow run artifacts
permission-contents: read # for checking out repos
- name: Checkout server repo - name: Checkout server repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

1
.github/workflows/release.yml
Unescape View File

@ -501,6 +501,7 @@ jobs:
with: with:
app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }} app-id: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-ID }}
private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }} private-key: ${{ steps.get-kv-secrets.outputs.BW-GHAPP-KEY }}
permission-actions: write
- name: Trigger release-digital-ocean workflow - name: Trigger release-digital-ocean workflow
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0

Write Preview
Loading…
Cancel
Save