Actions/upload-artifact
1
Fork 0
mirror of https://github.com/actions/upload-artifact.git synced 2025-10-31 19:43:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add Recommended Permissions

Browse Source 
To reduce risk of over-privileged tokens, we are adding recommended permissions to popular GitHub-owned Actions READMEs
This commit is contained in:
Kylie Stradley 2025-01-21 21:28:37 -05:00 committed by GitHub
parent 65c4c4a1dd
commit 8d131b7299
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -478,3 +478,11 @@ At the bottom of the workflow summary page, there is a dedicated section for art
There is a trashcan icon that can be used to delete the artifact. This icon will only appear for users who have write permissions to the repository.
The size of the artifact is denoted in bytes. The displayed artifact size denotes the size of the zip that `upload-artifact` creates during upload.
# Recommended Permissions
The `actions/upload-artifact` workflow relies on an internal authentication pattern and does not use the GITHUB_TOKEN, to reduce risk of over-privileged token, jobs that use `actions/upload-artifact` should set permissions to none:
```yaml
permissions: {}
```