fix(sbom): update template permissions and clarify license scope #19

Merged
williaby merged 1 commit into main from fix/sbom-template-permissions on Jan 4, 2026

Conversation

williaby (Collaborator) commented Jan 4, 2026

Summary

  • Changes workflow-level permissions from read-all to explicit contents: read and security-events: write
  • Removes redundant job-level permissions block
  • Adds clarifying comments that license scanning only affects Python packages (from venv), not OS packages

Context

This aligns the template with the reusable workflow's permission requirements (updated in #18) and documents that GPL license checks apply only to application dependencies, not container OS packages.

Test plan

  • Verify template can be used by downstream repos without permission issues

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Updated workflow permissions to implement granular access controls.
    • Enhanced workflow configuration with improved documentation and comments.
    • Reorganized workflow settings structure for better clarity.

- Change workflow-level permissions from read-all to explicit
  contents: read and security-events: write
- Remove redundant job-level permissions block
- Add comments clarifying that license scanning only affects Python
  packages (from venv), not OS packages

This aligns the template with the reusable workflow's permission
requirements and documents that GPL license checks apply only to
application dependencies, not container OS packages.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
coderabbitai (bot) commented Jan 4, 2026

Caution: review failed. The pull request is closed.

Walkthrough

A GitHub Actions workflow configuration file is updated to replace a generic permissions declaration with explicit granular permissions mapping (contents: read, security-events: write) and adds contextual comments documenting GPL license handling behavior.

Changes

Cohort / File(s): Workflow Permissions Configuration (workflow-templates/python-sbom.yml)
Change Summary: Replaces top-level permissions: read-all scalar with a granular mapping containing contents: read and security-events: write. Adds GPL handling documentation comments. Restructures fail-on-forbidden-licenses under the with block without behavior changes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 Permissions refined with careful care,
From read-all broad to specifics declared,
Contents and security rights now clear,
With GPL wisdom held dear—
A workflow refined, both precise and fair!


📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3791098 and bda8043.

📒 Files selected for processing (1)
  • workflow-templates/python-sbom.yml


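As an added example that is neither the project's python-sbom.yml nor the reusable workflow it calls, the following caller template shows the shape of the change described in the PR summary and in the walkthrough above: the coarse `read-all` grant replaced by an explicit mapping, no job-level permissions block, and a comment pinning down what the license check covers. The reusable workflow reference, the job name and the `true` value are placeholders; only the `fail-on-forbidden-licenses` input and the two permission scopes come from the page.

```yaml
# Added example, not the repository's workflow-templates/python-sbom.yml.
# OWNER/REPO/.github/workflows/REUSABLE-SBOM.yml and the job name are placeholders.
name: Python SBOM

on:
  push:
    branches: [main]
  pull_request:

# Before (as described in the PR): a single coarse grant.
#   permissions: read-all
# read-all is read-only on every scope, so nothing under it can write to
# code scanning, and it also hands out read access the job never uses.
#
# After: list exactly the scopes the reusable workflow needs. Once any scope
# is listed, every scope not listed is set to none.
permissions:
  contents: read          # check out the repository to generate the SBOM
  security-events: write  # upload scan results to code scanning

jobs:
  sbom:
    # No job-level permissions block: the workflow-level grant is what the
    # called workflow inherits, so a second copy here is redundant and is one
    # more place a reviewer has to audit.
    uses: OWNER/REPO/.github/workflows/REUSABLE-SBOM.yml@main   # placeholder
    with:
      # License scanning covers only Python packages installed into the venv;
      # OS packages in the container image are not checked for GPL licenses.
      fail-on-forbidden-licenses: true   # value assumed for the example
```

Two properties of the `permissions` key make the explicit mapping a real fix rather than a cosmetic one: `read-all` never grants write access, so a step that uploads results to code scanning is rejected under it, and listing any scope sets every unlisted scope to `none`, so the template now grants precisely what the called workflow requires. A job-level block on a `uses:` job can only reduce the caller's grant, never extend it, which is why dropping the duplicate block changes no behavior while leaving a single place to review.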
@williaby williaby merged commit 120ec46 into main Jan 4, 2026
2 of 4 checks passed
@williaby williaby deleted the fix/sbom-template-permissions branch January 4, 2026 00:27