github-action/no-top-level-permissions

Disallow using top-level permissions.

📖 Rule Details

This rule reports when a workflow has a top-level permissions property.

name: CI

jobs:
  unit-test:
    runs-on: ubuntu-latest
    # Non top-level permissions
    permissions:
      id-token: write
      contents: write

correct

name: CI

permissions:
  id-token: write
  contents: write

incorrect

🔧 Options

Nothing.

🚀 Version

This rule was introduced in eslint-plugin-github-action v0.0.4

🔍 Implementation

• Rule source
• Test source