github-actions-0.1.1.0: Github Actions
Copyright(c) 2025 Bellroy Pty Ltd
LicenseBSD-3-Clause
MaintainerBellroy Tech Team <haskell@bellroy.com>
Safe HaskellNone
LanguageHaskell2010

Language.Github.Actions.Permissions

Description

This module provides types for managing GitHub Actions permissions and access control. Permissions control what GitHub APIs and resources workflows and jobs can access.

You can set permissions at the workflow level (affecting all jobs) or at individual job levels. This follows the principle of least privilege by allowing you to grant only the specific permissions needed.

For more information about GitHub Actions permissions, see: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#permissions

Synopsis

Documentation

data Permissions Source #

Overall permissions configuration for a workflow or job.

Permissions can be set globally (affecting all permission types) or individually for specific permission types.

Example usage:

import Language.Github.Actions.Permissions

-- Grant read access to everything
readOnlyPerms :: Permissions
readOnlyPerms = ReadAll

-- Grant specific permissions only
customPerms :: Permissions
customPerms = Custom $ Map.fromList
 [ (Contents, Read)
 , (PullRequests, Write)
 ]

Constructors

NoPermissions

No permissions granted (empty object)

ReadAll

Read access to all permission types

WriteAll

Write access to all permission types

Custom (Map PermissionType Permission)

Custom permission mapping

Instances

Instances details
FromJSON Permissions Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Methods

parseJSON :: Value -> Parser Permissions #

parseJSONList :: Value -> Parser [Permissions] #

omittedField :: Maybe Permissions #

ToJSON Permissions Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Methods

toJSON :: Permissions -> Value #

toEncoding :: Permissions -> Encoding #

toJSONList :: [Permissions] -> Value #

toEncodingList :: [Permissions] -> Encoding #

omitField :: Permissions -> Bool #

Generic Permissions Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Associated Types

type Rep Permissions 
Instance details

Defined in Language.Github.Actions.Permissions

type Rep Permissions = D1 ('MetaData "Permissions" "Language.Github.Actions.Permissions" "github-actions-0.1.1.0-BjHhRMO6iQ17qdsNXwhDab" 'False) ((C1 ('MetaCons "NoPermissions" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "ReadAll" 'PrefixI 'False) (U1 :: Type -> Type)) :+: (C1 ('MetaCons "WriteAll" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "Custom" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 (Map PermissionType Permission)))))

Methods

from :: Permissions -> Rep Permissions x #

to :: Rep Permissions x -> Permissions #

Show Permissions Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Methods

showsPrec :: Int -> Permissions -> ShowS #

show :: Permissions -> String #

showList :: [Permissions] -> ShowS #

Eq Permissions Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Methods

(==) :: Permissions -> Permissions -> Bool #

(/=) :: Permissions -> Permissions -> Bool #

Ord Permissions Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Methods

compare :: Permissions -> Permissions -> Ordering #

(<) :: Permissions -> Permissions -> Bool #

(<=) :: Permissions -> Permissions -> Bool #

(>) :: Permissions -> Permissions -> Bool #

(>=) :: Permissions -> Permissions -> Bool #

max :: Permissions -> Permissions -> Permissions #

min :: Permissions -> Permissions -> Permissions #

type Rep Permissions Source # 
Instance details

Defined in Language.Github.Actions.Permissions

type Rep Permissions = D1 ('MetaData "Permissions" "Language.Github.Actions.Permissions" "github-actions-0.1.1.0-BjHhRMO6iQ17qdsNXwhDab" 'False) ((C1 ('MetaCons "NoPermissions" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "ReadAll" 'PrefixI 'False) (U1 :: Type -> Type)) :+: (C1 ('MetaCons "WriteAll" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "Custom" 'PrefixI 'False) (S1 ('MetaSel ('Nothing :: Maybe Symbol) 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedLazy) (Rec0 (Map PermissionType Permission)))))

data PermissionType Source #

Types of permissions that can be granted to GitHub Actions workflows.

Each permission type corresponds to a specific area of GitHub functionality that workflows might need to access.

For more details about each permission type, see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token

Constructors

Actions

Manage GitHub Actions (e.g., cancel workflow runs)

Attestations

Create and verify attestations

Checks

Create and update check runs and suites

Contents

Read and write repository contents

Deployments

Create and manage deployments

IdToken

Request OIDC JWT ID tokens

Issues

Create and manage issues

Discussions

Create and manage discussions

Packages

Publish and manage packages

Pages

Deploy to GitHub Pages

PullRequests

Create and manage pull requests

RepositoryProjects

Manage repository projects

SecurityEvents

Read and write security events

Statuses

Create commit status checks

Instances

Instances details
FromJSON PermissionType Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Methods

parseJSON :: Value -> Parser PermissionType #

parseJSONList :: Value -> Parser [PermissionType] #

omittedField :: Maybe PermissionType #

FromJSONKey PermissionType Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Methods

fromJSONKey :: FromJSONKeyFunction PermissionType #

fromJSONKeyList :: FromJSONKeyFunction [PermissionType] #

ToJSON PermissionType Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Methods

toJSON :: PermissionType -> Value #

toEncoding :: PermissionType -> Encoding #

toJSONList :: [PermissionType] -> Value #

toEncodingList :: [PermissionType] -> Encoding #

omitField :: PermissionType -> Bool #

ToJSONKey PermissionType Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Methods

toJSONKey :: ToJSONKeyFunction PermissionType #

toJSONKeyList :: ToJSONKeyFunction [PermissionType] #

Bounded PermissionType Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Methods

minBound :: PermissionType #

maxBound :: PermissionType #

Enum PermissionType Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Methods

succ :: PermissionType -> PermissionType #

pred :: PermissionType -> PermissionType #

toEnum :: Int -> PermissionType #

fromEnum :: PermissionType -> Int #

enumFrom :: PermissionType -> [PermissionType] #

enumFromThen :: PermissionType -> PermissionType -> [PermissionType] #

enumFromTo :: PermissionType -> PermissionType -> [PermissionType] #

enumFromThenTo :: PermissionType -> PermissionType -> PermissionType -> [PermissionType] #

Generic PermissionType Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Associated Types

type Rep PermissionType 
Instance details

Defined in Language.Github.Actions.Permissions

type Rep PermissionType = D1 ('MetaData "PermissionType" "Language.Github.Actions.Permissions" "github-actions-0.1.1.0-BjHhRMO6iQ17qdsNXwhDab" 'False) (((C1 ('MetaCons "Actions" 'PrefixI 'False) (U1 :: Type -> Type) :+: (C1 ('MetaCons "Attestations" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "Checks" 'PrefixI 'False) (U1 :: Type -> Type))) :+: ((C1 ('MetaCons "Contents" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "Deployments" 'PrefixI 'False) (U1 :: Type -> Type)) :+: (C1 ('MetaCons "IdToken" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "Issues" 'PrefixI 'False) (U1 :: Type -> Type)))) :+: ((C1 ('MetaCons "Discussions" 'PrefixI 'False) (U1 :: Type -> Type) :+: (C1 ('MetaCons "Packages" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "Pages" 'PrefixI 'False) (U1 :: Type -> Type))) :+: ((C1 ('MetaCons "PullRequests" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "RepositoryProjects" 'PrefixI 'False) (U1 :: Type -> Type)) :+: (C1 ('MetaCons "SecurityEvents" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "Statuses" 'PrefixI 'False) (U1 :: Type -> Type)))))

Methods

from :: PermissionType -> Rep PermissionType x #

to :: Rep PermissionType x -> PermissionType #

Show PermissionType Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Methods

showsPrec :: Int -> PermissionType -> ShowS #

show :: PermissionType -> String #

showList :: [PermissionType] -> ShowS #

Eq PermissionType Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Methods

(==) :: PermissionType -> PermissionType -> Bool #

(/=) :: PermissionType -> PermissionType -> Bool #

Ord PermissionType Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Methods

compare :: PermissionType -> PermissionType -> Ordering #

(<) :: PermissionType -> PermissionType -> Bool #

(<=) :: PermissionType -> PermissionType -> Bool #

(>) :: PermissionType -> PermissionType -> Bool #

(>=) :: PermissionType -> PermissionType -> Bool #

max :: PermissionType -> PermissionType -> PermissionType #

min :: PermissionType -> PermissionType -> PermissionType #

type Rep PermissionType Source # 
Instance details

Defined in Language.Github.Actions.Permissions

type Rep PermissionType = D1 ('MetaData "PermissionType" "Language.Github.Actions.Permissions" "github-actions-0.1.1.0-BjHhRMO6iQ17qdsNXwhDab" 'False) (((C1 ('MetaCons "Actions" 'PrefixI 'False) (U1 :: Type -> Type) :+: (C1 ('MetaCons "Attestations" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "Checks" 'PrefixI 'False) (U1 :: Type -> Type))) :+: ((C1 ('MetaCons "Contents" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "Deployments" 'PrefixI 'False) (U1 :: Type -> Type)) :+: (C1 ('MetaCons "IdToken" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "Issues" 'PrefixI 'False) (U1 :: Type -> Type)))) :+: ((C1 ('MetaCons "Discussions" 'PrefixI 'False) (U1 :: Type -> Type) :+: (C1 ('MetaCons "Packages" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "Pages" 'PrefixI 'False) (U1 :: Type -> Type))) :+: ((C1 ('MetaCons "PullRequests" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "RepositoryProjects" 'PrefixI 'False) (U1 :: Type -> Type)) :+: (C1 ('MetaCons "SecurityEvents" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "Statuses" 'PrefixI 'False) (U1 :: Type -> Type)))))

data Permission Source #

Permission levels that can be granted for each permission type.

Constructors

None

No access granted

Read

Read-only access

Write

Read and write access

Instances

Instances details
FromJSON Permission Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Methods

parseJSON :: Value -> Parser Permission #

parseJSONList :: Value -> Parser [Permission] #

omittedField :: Maybe Permission #

ToJSON Permission Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Methods

toJSON :: Permission -> Value #

toEncoding :: Permission -> Encoding #

toJSONList :: [Permission] -> Value #

toEncodingList :: [Permission] -> Encoding #

omitField :: Permission -> Bool #

Bounded Permission Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Methods

minBound :: Permission #

maxBound :: Permission #

Enum Permission Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Methods

succ :: Permission -> Permission #

pred :: Permission -> Permission #

toEnum :: Int -> Permission #

fromEnum :: Permission -> Int #

enumFrom :: Permission -> [Permission] #

enumFromThen :: Permission -> Permission -> [Permission] #

enumFromTo :: Permission -> Permission -> [Permission] #

enumFromThenTo :: Permission -> Permission -> Permission -> [Permission] #

Generic Permission Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Associated Types

type Rep Permission 
Instance details

Defined in Language.Github.Actions.Permissions

type Rep Permission = D1 ('MetaData "Permission" "Language.Github.Actions.Permissions" "github-actions-0.1.1.0-BjHhRMO6iQ17qdsNXwhDab" 'False) (C1 ('MetaCons "None" 'PrefixI 'False) (U1 :: Type -> Type) :+: (C1 ('MetaCons "Read" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "Write" 'PrefixI 'False) (U1 :: Type -> Type)))

Methods

from :: Permission -> Rep Permission x #

to :: Rep Permission x -> Permission #

Show Permission Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Methods

showsPrec :: Int -> Permission -> ShowS #

show :: Permission -> String #

showList :: [Permission] -> ShowS #

Eq Permission Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Methods

(==) :: Permission -> Permission -> Bool #

(/=) :: Permission -> Permission -> Bool #

Ord Permission Source # 
Instance details

Defined in Language.Github.Actions.Permissions

Methods

compare :: Permission -> Permission -> Ordering #

(<) :: Permission -> Permission -> Bool #

(<=) :: Permission -> Permission -> Bool #

(>) :: Permission -> Permission -> Bool #

(>=) :: Permission -> Permission -> Bool #

max :: Permission -> Permission -> Permission #

min :: Permission -> Permission -> Permission #

type Rep Permission Source # 
Instance details

Defined in Language.Github.Actions.Permissions

type Rep Permission = D1 ('MetaData "Permission" "Language.Github.Actions.Permissions" "github-actions-0.1.1.0-BjHhRMO6iQ17qdsNXwhDab" 'False) (C1 ('MetaCons "None" 'PrefixI 'False) (U1 :: Type -> Type) :+: (C1 ('MetaCons "Read" 'PrefixI 'False) (U1 :: Type -> Type) :+: C1 ('MetaCons "Write" 'PrefixI 'False) (U1 :: Type -> Type)))

gen :: MonadGen m => m Permissions Source #