@microsoft-github-policy-service agree
| permissions: | ||
| contents: read | ||
| pages: write | ||
| id-token: write |
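Review bot: the `id-token: write` line has no comment saying why the workflow needs to request an OIDC token, so the justification lives only in this PR thread and not in the file a later maintainer will read. Suggest trailing comments on the two write grants, for example `pages: write # deploy to GitHub Pages` and `id-token: write # lets the Pages deployment verify which workflow it came from`. The visible lines do not show whether this block is at workflow or job level; if it is at workflow level, consider moving `pages: write` and `id-token: write` onto the job that runs the deploy step so every other job keeps only `contents: read`.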
What is this permission needed for?
GitHub pages needs it internally to write to the pages container registry.
https://github.com/actions/deploy-pages/blob/b580d214b4e13b2a70d0e04376a86ed862ebb558/README.md?plain=1#L31
The ID token allows it to use JWTs internally; somehow it's more secure according to them. It's quite a bit more secure and convenient than what's currently there, as to make it work currently you have to blanket grant all actions write access in the GitHub settings GUI, just for pages to work via the old commit-to-a-branch method.
The old code made all workflows have write access to all code and pages. The new code gives write access to pages for one workflow, while keeping all other ones read-only.
Thanks for the PR!
@hediet in GitHub Pages settings you'll have to switch the deployment from "branch deployment" to CI deployment. This is in regards to the
The new one allows you to specify GITHUB_TOKEN permissions in the workflows file... which means forkers don't need to dig through GUI settings to get it working. It also doesn't require a second noisy branch to function, and can help reduce package size for large repos. An 800MB repo doesn't sound like a lot, but that's before Yarn and Playwright have a go at your poor computer. Also, my 16GB computer has been screaming at me about RAM usage; not sure if that had something to do with it.
P.S. I was working on something far more exciting... this is just to test the waters.
Also, I was surprised to see so many samples, good ones, that aren't exposed on the website.
Proof that it works:
https://github.com/FossPrime/monaco-editor/actions/runs/5166983110