Maven / GitHub Actions Interview Questions
What is the GITHUB_TOKEN and what permissions does it have?
GITHUB_TOKEN is a short-lived, automatically generated token that GitHub injects into every workflow run. It is scoped to the repository where the workflow runs, expires when the job finishes, and requires no manual secret configuration. You access it via ${{ secrets.GITHUB_TOKEN }} or the environment variable $GITHUB_TOKEN.
By default the token is granted a set of permissions that cover the most common CI needs. The default permission level depends on your repository settings (either "permissive" or "restricted"). With the permissive default, common grants include:
contents: read — read source code and releases
pull-requests: write — add comments, labels, and review status to PRs
packages: write — push container images to GitHub Container Registry (GHCR)
statuses: write — post commit statuses (used by CI checks)
Best practice is to declare minimum required permissions explicitly in the workflow, both at the workflow level and at the job level:
permissions:
  contents: read # default; be explicit
jobs:
  release:
    permissions:
      contents: write # needed to create a GitHub Release
      packages: write # needed to push to GHCR
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: gh release create v1.0 --generate-notes
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Setting permissions: {} (all read) at the workflow level and then granting specific write permissions only to the jobs that need them is the principle of least privilege. GITHUB_TOKEN cannot access resources outside the repository that triggered the workflow; for cross-repo operations you need a Personal Access Token (PAT) or a GitHub App token.
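To check existing workflows against this practice, the script below is an added example (not part of the original answer and not a GitHub tool). It lists where a workflow file grants write scopes to GITHUB_TOKEN and whether it declares permissions at the workflow level at all. The function names, the finding labels and the sample workflow are assumptions made up for the illustration.

```bash
#!/usr/bin/env bash
# Added example: heuristic least-privilege audit of GITHUB_TOKEN grants in a workflow file.
# Line-based, not a YAML parser; assumes block-style YAML with 2-space indentation.
# Finding labels (NO_TOP_LEVEL_PERMISSIONS, WRITE_ALL, ...) are invented for this example.
audit_workflow() {
  awk '
    { sub(/[ \t]*#.*$/, "")                      # drop trailing comments
      if ($0 ~ /^[ \t]*$/) next                  # skip blank lines
      ind = index($0, $1) - 1 }                  # indentation of this line
    ind == 0 { sect = $1 }                       # current top-level key
    sect == "jobs:" && ind == 2 { job = $1; sub(/:$/, "", job) }
    in_perm && ind <= perm_ind { in_perm = 0 }   # left the permissions block
    $1 == "permissions:" {
      where = (ind == 0) ? "workflow" : "job " job
      if (ind == 0) has_top = 1
      if ($2 == "write-all") print "WRITE_ALL", where
      in_perm = 1; perm_ind = ind; next
    }
    in_perm && $2 == "write" {                   # one "<scope>: write" grant
      scope = $1; sub(/:$/, "", scope)
      kind = (where == "workflow") ? "WORKFLOW_WRITE" : "JOB_WRITE " job
      print kind, scope
    }
    END { if (!has_top) print "NO_TOP_LEVEL_PERMISSIONS" }
  ' "$1"
}

# Constructed sample: no workflow-level permissions block, one job with write grants.
sample_workflow() {
  cat <<'EOF'
on: push
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - run: mvn -B verify
  release:
    permissions:
      contents: write   # create a GitHub Release
      packages: write   # push to GHCR
    runs-on: ubuntu-latest
    steps:
      - run: gh release create v1.0 --generate-notes
EOF
}

tmp=$(mktemp) && sample_workflow > "$tmp" && audit_workflow "$tmp"; rm -f "$tmp"
```

On the constructed sample it reports the two job-level write grants for review, plus the missing workflow-level permissions block, which leaves the test job on the repository default.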
