Workflow Permissions - Definição do Glossário de CI/CD
Workflow permissions são os escopos de acesso concedidos ao GITHUB_TOKEN automático, definidos com um bloco permissions: no nível do workflow ou do job (por exemplo contents: read, packages: write).
Menor privilégio
Definir permissions: {} e conceder apenas os escopos de que um job precisa limita o raio de impacto se um step for comprometido. A configuração do repositório "Read and write permissions" versus "Read repository contents" define o padrão quando nenhum bloco está presente.
Guias relacionados
GITHUB_TOKEN - CI/CD Glossary DefinitionGITHUB_TOKEN: GITHUB_TOKEN is the short-lived access token GitHub Actions creates automatically for each work…
OIDC Token - CI/CD Glossary DefinitionOIDC Token: An OIDC token is a short-lived OpenID Connect JWT that GitHub Actions can issue to a job, letting…
Reusable Workflow - CI/CD Glossary DefinitionReusable Workflow: A reusable workflow is a complete workflow file that other workflows can call with `uses:`…