Skip to content

[StepSecurity] ci: Harden GitHub Actions #2803

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
trask merged 2 commits into from
Jun 9, 2025
Merged

[StepSecurity] ci: Harden GitHub Actions #2803

trask merged 2 commits into from
Jun 9, 2025

Conversation

@step-security-bot
Copy link
Contributor

@step-security-bot step-security-bot commented Jun 7, 2025

Summary

This pull request is created by StepSecurity at the request of @trask. Please merge the Pull Request to incorporate the requested changes. Please tag @trask on your message if you have any questions related to the PR.

Security Fixes

Least Privileged GitHub Actions Token Permissions

The GITHUB_TOKEN is an automatically generated secret to make authenticated calls to the GitHub API. GitHub recommends setting minimum token permissions for the GITHUB_TOKEN.

Feedback

For bug reports, feature requests, and general feedback; please email [email protected]. To create such PRs, please visit https://app.stepsecurity.io/securerepo.

Signed-off-by: StepSecurity Bot [email protected]

@step-security-bot step-security-bot requested a review from a team June 7, 2025 00:45
trask
trask reviewed Jun 7, 2025
View reviewed changes
@trask trask added this pull request to the merge queue Jun 9, 2025
Merged via the queue into open-telemetry:main with commit 4b3de85 Jun 9, 2025
4 of 5 checks passed
austinlparker pushed a commit to austinlparker/community that referenced this pull request Jun 18, 2025
@step-security-bot @trask @austinlparker
[StepSecurity] ci: Harden GitHub Actions (open-telemetry#2803)
a9cbdd9 
* [StepSecurity] ci: Harden GitHub Actions

Signed-off-by: StepSecurity Bot <[email protected]>

* Update .github/workflows/spell-check.yml

---------

Signed-off-by: StepSecurity Bot <[email protected]>
Co-authored-by: Trask Stalnaker <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@trask trask trask approved these changes

@mx-psi mx-psi mx-psi approved these changes

@alolita alolita Awaiting requested review from alolita alolita is a code owner

@austinlparker austinlparker Awaiting requested review from austinlparker austinlparker is a code owner

@jpkrohling jpkrohling Awaiting requested review from jpkrohling jpkrohling is a code owner

@mtwo mtwo Awaiting requested review from mtwo mtwo is a code owner

@svrnm svrnm Awaiting requested review from svrnm svrnm is a code owner

@tedsuo tedsuo Awaiting requested review from tedsuo tedsuo is a code owner

+1 more reviewer

@danielgblanco danielgblanco danielgblanco approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@step-security-bot @trask @danielgblanco @mx-psi