Skip to content

Set appropriate content permissions for workflows#216

Merged
hbelmiro merged 1 commit into
kgrep-org:mainfrom
hbelmiro:workflows
Apr 16, 2026
Merged

Set appropriate content permissions for workflows#216
hbelmiro merged 1 commit into
kgrep-org:mainfrom
hbelmiro:workflows

Conversation

@hbelmiro
Copy link
Copy Markdown
Collaborator

@hbelmiro hbelmiro commented Apr 16, 2026

No description provided.

@hbelmiro
Set appropriate content permissions for workflows
a1a76fe 
Signed-off-by: Helber Belmiro <helber.belmiro@gmail.com>
@hbelmiro hbelmiro requested a review from Copilot April 16, 2026 13:58
@hbelmiro hbelmiro added this to the Next release milestone Apr 16, 2026
Copilot AI reviewed Apr 16, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR tightens GitHub Actions GITHUB_TOKEN permissions by defaulting workflows to read-only contents access and scoping elevated contents: write to only the release publishing job.

Changes:

  • Add permissions: contents: read to unit and integration test workflows.
  • Change release workflow default permissions to contents: read.
  • Add job-scoped contents: write permission to the release-publishing job.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File Description
.github/workflows/unit-tests.yaml Adds workflow-level contents: read permissions.
.github/workflows/integration-tests.yaml Adds workflow-level contents: read permissions.
.github/workflows/release.yaml Moves contents: write from workflow scope to the release job; default becomes contents: read.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/unit-tests.yaml
branches: [ "main" ]

permissions:
contents: read
Comment thread .github/workflows/release.yaml

permissions:
contents: write
contents: read
Comment thread .github/workflows/release.yaml
release:
needs: [build-linux-amd64, build-linux-arm64, build-windows-amd64, build-windows-arm64, build-macos-amd64, build-macos-arm64]
runs-on: ubuntu-latest
permissions:
@hbelmiro hbelmiro marked this pull request as ready for review April 16, 2026 14:09
@hbelmiro hbelmiro merged commit b3349e9 into kgrep-org:main Apr 16, 2026
8 checks passed
@hbelmiro hbelmiro deleted the workflows branch April 16, 2026 14:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

Next release

Development

Successfully merging this pull request may close these issues.

2 participants

@hbelmiro