README.md
+15 -10 (15 additions & 10 deletions)
@@ -8,6 +8,8 @@ Development of this action is still ongoing, with plans to introduce more featur
8
8
9
9
10
10
## Usage
11
+
12
+
### Step: 1
11
13
The `github-action-by-permission` action is designed to enforce Role-Based Access Control (RBAC) for manually triggered (`workflow_dispatch`) GitHub workflows. Here's a simple example of how to use this action to control who can trigger a specific workflow:
12
14
13
15
```yml
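Review bot: the new `### Step: 1` heading is placed directly above the introductory paragraph with no blank line after it, and the colon before the number reads oddly. A blank line after the heading and a descriptive title such as `### Step 1: Add the action to your workflow` would render consistently and tell the reader what the step does. The paragraph under it is a general description of the action rather than a step, so it may fit better left under `## Usage`, with the step heading placed just before the workflow example.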
@@ -31,26 +33,29 @@ jobs:
31
33
- name: Echo Something
32
34
run: echo "Hello World!"
33
35
```
36
+
### Step: 2
37
+
Create a yml file mentioning the specific users with their username for the pipeline permission. The file format should be as followed_
38
+
39
+
```yml
40
+
allowed_users:
41
+
- username1
42
+
- username2
43
+
- username3
44
+
```
45
+
`Note`: *In general, this `permissions.yaml` file should be kept in the root directory of the project*.
34
46
35
47
### Explanation
36
-
**Checkout Code**: The first step checks out the repository code using the standard actions/checkout@v3 action.
48
+
**Checkout Code**: The first step checks out the repository code using the standard `actions/checkout@v3` action.
37
49
38
-
**Check Permissions**: The `github-action-by-permission` action is then used to verify if the user who initiated the workflow has permission to do so. It references a yml file (in this case, named user-permissions.yml) where allowed users are defined.
50
+
**Check Permissions**: The `github-action-by-permission` action is then used to verify if the user who initiated the workflow has permission to do so. It references a `yml` file (*in this case, named user-permissions.yml*) where allowed users are defined.
39
51
40
52
**Echo Something**: If the permission check passes, the workflow proceeds to execute subsequent steps, such as echoing "Hello World!" in this example. You can specify your workflows as needed.
41
53
42
54
### Key Points
43
55
**permissions-file**: This input points to the YAML file that contains the list of users authorized to trigger the workflow. Only those listed in this file will be able to execute the pipeline.
44
56
45
-
`Note`: *In general, this `permissions.yaml` file is kept in the root directory of the project*.
46
-
The structure of this file is as below:
57
+
`Note Again`: *In general, this `permissions.yaml` file should be kept in the root directory of the project*.
47
58
48
-
```yml
49
-
allowed_users:
50
-
- user1
51
-
- user2
52
-
- user3
53
-
```
54
59
55
60
**Security and Control**: By integrating this action into your workflows, you can ensure that only authorized individuals have the ability to initiate critical processes, adding a layer of security and control to your CI/CD pipelines.
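Review bot: the added Step 2 note and the `Note Again` line call the allow-list file `permissions.yaml`, while the Check Permissions paragraph in the same hunk still says `user-permissions.yml`, so a reader cannot tell which name the `permissions-file` input expects; use one name throughout and show it with the same extension as the example. The `Note Again` line repeats the note added under Step 2 word for word, so one of the two can go, and "as followed_" should read "as follows:". Since the list is a file in the repository root that the workflow reads after checkout, the README should also say how changes to that file are protected (for example, required review on it via CODEOWNERS and branch protection), because the RBAC guarantee described under Security and Control is only as strong as the control over who can edit that file.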