Update workflow permissions #146

Merged
martincostello merged 1 commit into main from update-permissions
Aug 15, 2025

@martincostello
Owner

Set workflow permissions to none and add job-level permissions instead.

Copilot AI review requested due to automatic review settings August 15, 2025 16:09
@martincostello martincostello added enhancement New feature or request github_actions Pull requests that update GitHub Actions code labels Aug 15, 2025
@martincostello martincostello enabled auto-merge (rebase) August 15, 2025 16:09
Copilot AI left a comment

Pull Request Overview

This pull request updates GitHub workflow permissions by setting workflow-level permissions to none ({}) and moving the contents: read permission to the job level for better security isolation. This follows the principle of least privilege by ensuring only individual jobs have access to the permissions they need.

Key changes:

  • Workflow-level permissions changed from contents: read to empty object
  • Job-level permissions added with contents: read for each job
  • Consistent permission structure applied across all workflows

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| .github/workflows/lint.yml | Moved contents: read permission from workflow to job level |
| .github/workflows/build.yml | Moved contents: read permission from workflow to job level |
| .github/workflows/benchmark.yml | Moved contents: read permission from workflow to job level |

@martincostello martincostello merged commit 8040b66 into main Aug 15, 2025
8 checks passed
@martincostello martincostello deleted the update-permissions branch August 15, 2025 16:11
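
The change described in this pull request, sketched as a before/after workflow file. This is an added example, not the repository's actual diff; the workflow name, triggers, job name and steps are assumptions.

```yaml
# Constructed example: two versions of a hypothetical .github/workflows/build.yml,
# shown as two YAML documents separated by '---'.

# Before: one grant at workflow level, inherited by every job in the file.
name: build
on: [push, pull_request]

permissions:
  contents: read          # applies to all jobs, including any added later

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./build.sh   # hypothetical build step
---
# After: nothing granted by default, each job declares what it needs.
name: build
on: [push, pull_request]

permissions: {}           # workflow default: GITHUB_TOKEN carries no permissions

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read      # scoped to this job only
    steps:
      - uses: actions/checkout@v4
      - run: ./build.sh   # hypothetical build step
```

With the second form, a job added later without its own `permissions` block receives a token with no permissions instead of inheriting `contents: read`.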