Skip to content

[RHELMISC-34381] Remove secret inheritance from workflows#21

Merged
bjohnsto merged 1 commit into
dm-vdo:mainfrom
bjohnsto:security/remove-secrets-inherit
May 28, 2026
Merged

[RHELMISC-34381] Remove secret inheritance from workflows#21
bjohnsto merged 1 commit into
dm-vdo:mainfrom
bjohnsto:security/remove-secrets-inherit

Conversation

@bjohnsto

Copy link
Copy Markdown
Member

According to github docs, reusable workflows have automatic permissions to github.token and secrets.GITHUB_TOKEN. Remove direct inheritance to harden the workflow code.

According to github docs, reusable workflows have automatic
permissions to github.token and secrets.GITHUB_TOKEN. Remove
direct inheritance to harden the workflow code.

Signed-off-by: Bruce Johnston <bjohnsto@redhat.com>

@lorelei-sakai lorelei-sakai left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checkserver failures, probably not relevant to this PR.

@bjohnsto bjohnsto merged commit 665e3c7 into dm-vdo:main May 28, 2026
5 of 6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants