Skip to content

Update workflow permissions #400

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 15, 2025
Merged

Update workflow permissions #400

merged 1 commit into from
Aug 15, 2025

Conversation

@martincostello
Copy link
Owner

@martincostello martincostello commented Aug 15, 2025

Set workflow permissions to none and add job-level permissions instead.

@martincostello
Update workflow permissions
df86d1f 
Set workflow permissions to none and add job-level permissions instead.
Copilot AI review requested due to automatic review settings August 15, 2025 16:06
@martincostello martincostello added enhancement New feature or request github_actions Pull requests that update GitHub Actions code labels Aug 15, 2025
@martincostello martincostello enabled auto-merge (rebase) August 15, 2025 16:06
Copilot AI reviewed Aug 15, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Updates GitHub workflow permissions to follow the principle of least privilege by setting workflow-level permissions to none and explicitly defining job-level permissions instead.

  • Replaces workflow-level contents: read permissions with empty permissions object
  • Adds explicit contents: read permissions at the job level for each workflow
  • Applies consistent permission structure across lint, build, and benchmark workflows

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File Description
.github/workflows/lint.yml Moves contents read permission from workflow to job level
.github/workflows/build.yml Moves contents read permission from workflow to job level
.github/workflows/benchmark.yml Moves contents read permission from workflow to job level

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@martincostello martincostello merged commit ca0f188 into main Aug 15, 2025
9 checks passed
@martincostello martincostello deleted the update-permissions branch August 15, 2025 16:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

enhancement New feature or request github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@martincostello