README
@pkgdeps/update-github-actions-permissions 
Update GitHub Actions's permissions automatically.
| Before | After |
|---|---|
 |
 |
Features
- Detect using Actions and add
permissionsfield to your action yaml file - Support 40+ GitHub Actions
Install
Install with npm:
npm install @pkgdeps/update-github-actions-permissions --global
or
npx @pkgdeps/update-github-actions-permissions ".github/workflows/*.{yaml,yml}"
Usage
Usage
$ update-github-actions-permissions "[file|glob]"
Options
--defaultPermissions [String] "write-all" or "read-all". Default: "write-all"
--verbose [Boolean] If enable verbose, output debug info.
Examples
$ update-github-actions-permissions ".github/workflows/test.yml"
# multiple inputs
$ update-github-actions-permissions ".github/workflows/test.yml" ".github/workflows/publish.yml"
$ update-github-actions-permissions ".github/workflows/*.{yml,yaml}"
Add existing action's permissions
This tool manage permissions in actions.yml.
If you want to improve the permissions definitions, please edit actions.yml.
- Edit actions.yml
- Submit a Pull Request
Detection logics
- Read your workflow file
- Collect
usesactions orenvwhich is using${{ secrets.GITHUB_TOKEN }} - Match actions with actions.yml
- If found unknown actions, write
defaultPermissions(permissions: write-all) to workflow file. - If found
envusage, writedefaultPermissions(permissions: write-all) to workflow file.- :memo:
NODE_AUTH_TOKENis special pattern. Current treats it ascontents: readandpackages: write.
- :memo:
- Else, put
permission: <combined permissions>to workflow file.
Changelog
See Releases page.
Running tests
Install devDependencies and Run npm test:
npm test
Contributing
Pull requests and stars are always welcome.
For bugs and feature requests, please create an issue.
- Fork it!
- Create your feature branch:
git checkout -b my-new-feature - Commit your changes:
git commit -am 'Add some feature' - Push to the branch:
git push origin my-new-feature - Submit a pull request :D
Author
License
MIT © azu