Skip to content

fix(ci): add explicit permissions to workflows#38

Merged
rhuanbarreto merged 1 commit into
mainfrom
fix/workflow-permissions
Mar 3, 2026
Merged

fix(ci): add explicit permissions to workflows#38
rhuanbarreto merged 1 commit into
mainfrom
fix/workflow-permissions

Conversation

@rhuanbarreto

Copy link
Copy Markdown
Contributor

Summary

  • Resolves all 3 open code scanning alerts (actions/missing-workflow-permissions)
  • Adds permissions: contents: read to code-pull-request.yml, windows-smoke-test.yml, and update-lock.yaml
  • Follows the principle of least privilege — these workflows only need read access to checkout code (write operations in update-lock.yaml use a GitHub App token, not GITHUB_TOKEN)

Test plan

  • Validate workflow passes on this PR (self-testing — code-pull-request.yml is one of the changed files)
  • Windows smoke test triggers and passes
  • Verify code scanning alerts close after merge

🤖 Generated with Claude Code

Resolves code scanning alerts #1, #2, #3 (actions/missing-workflow-permissions)
by adding `permissions: contents: read` to the three workflows that lacked
a top-level permissions block, following the principle of least privilege.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@rhuanbarreto rhuanbarreto merged commit eddf428 into main Mar 3, 2026
7 checks passed
@rhuanbarreto rhuanbarreto deleted the fix/workflow-permissions branch March 3, 2026 20:09
@archgatebot archgatebot Bot mentioned this pull request Mar 3, 2026
rhuanbarreto added a commit that referenced this pull request Mar 3, 2026
fix(ci): add explicit permissions to workflows missing them

Resolves code scanning alerts #1, #2, #3 (actions/missing-workflow-permissions)
by adding `permissions: contents: read` to the three workflows that lacked
a top-level permissions block, following the principle of least privilege.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
rhuanbarreto added a commit that referenced this pull request Mar 4, 2026
fix(ci): add explicit permissions to workflows missing them

Resolves code scanning alerts #1, #2, #3 (actions/missing-workflow-permissions)
by adding `permissions: contents: read` to the three workflows that lacked
a top-level permissions block, following the principle of least privilege.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
This was referenced Mar 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant