Skip to content
This repository has been archived by the owner on Mar 8, 2024. It is now read-only.

Reduced scope of id-token acquisition permission #459

Merged
merged 1 commit into from
Jun 18, 2023
Merged

Reduced scope of id-token acquisition permission #459

merged 1 commit into from
Jun 18, 2023

Conversation

ThorstenSauter
Copy link
Owner

@ThorstenSauter ThorstenSauter commented Jun 18, 2023
edited
Loading

In accordance with the GitHub Blog Post, the permission for acquiring an id token from GitHub

permissions:
  id-token: write

has been moved from the workflow context to the job requiring it for logging into Azure using federated authentication

@ThorstenSauter
Reduced scope of id-token acquisition permission
2ca240c 
In accordance with the [GitHub Blog Post](https://github.blog/changelog/2023-06-15-github-actions-securing-openid-connect-oidc-token-permissions-in-reusable-workflows), the permission for acquiring an id token from GitHub (`permissions: it-token: write`) has been moved from the workflow context to the job requiring it for logging into Azure using federated authentication
@ThorstenSauter ThorstenSauter added the github_actions Pull requests that update GitHub Actions code label Jun 18, 2023
@ThorstenSauter ThorstenSauter self-assigned this Jun 18, 2023
@codecov
Copy link

codecov bot commented Jun 18, 2023

Codecov Report

Patch and project coverage have no change.

Comparison is base (a5a32ae) 88.32% compared to head (2ca240c) 88.32%.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #459   +/-   ##
=======================================
  Coverage   88.32%   88.32%           
=======================================
  Files          35       35           
  Lines         591      591           
=======================================
  Hits          522      522           
  Misses         69       69

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

@ThorstenSauter ThorstenSauter merged commit f71f825 into main Jun 18, 2023
9 checks passed
@ThorstenSauter ThorstenSauter deleted the ThorstenSauter/reduce-id-token-acquisition-permission branch June 18, 2023 14:45
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@ThorstenSauter ThorstenSauter

Labels
github_actions Pull requests that update GitHub Actions code
Projects
NoPlan
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ThorstenSauter