Skip to content

fix(workflows): add id-token permission for gen-library-impl workflow#85

Merged
MarkusNeusinger merged 1 commit intomainfrom
fix/gen-library-impl-permissions
Dec 1, 2025
Merged

fix(workflows): add id-token permission for gen-library-impl workflow#85
MarkusNeusinger merged 1 commit intomainfrom
fix/gen-library-impl-permissions

Conversation

@MarkusNeusinger
Copy link
Copy Markdown
Owner

@MarkusNeusinger MarkusNeusinger commented Dec 1, 2025

Summary

  • Add missing id-token: write permission to gen-library-impl.yml
  • Required for Claude Code action's OIDC authentication

Test

Copilot AI review requested due to automatic review settings December 1, 2025 16:12
@MarkusNeusinger MarkusNeusinger merged commit 58567b5 into main Dec 1, 2025
6 checks passed
@MarkusNeusinger MarkusNeusinger deleted the fix/gen-library-impl-permissions branch December 1, 2025 16:12
@codecov
Copy link
Copy Markdown

codecov Bot commented Dec 1, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Copilot AI reviewed Dec 1, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a missing permission configuration in the gen-library-impl.yml workflow by adding id-token: write, which is required for the Claude Code action's OIDC authentication mechanism. The change aligns this workflow with three other workflows in the repository (bot-ai-review.yml, bot-validate-request.yml, and util-claude.yml) that already have this permission configured.

Key Changes:

  • Added id-token: write permission to the job-level permissions block

You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.

MarkusNeusinger added a commit that referenced this pull request Dec 1, 2025
@MarkusNeusinger
fix(workflows): add id-token permission for gen-library-impl workflow (
8f572f6 
…#85)

## Summary
- Add missing `id-token: write` permission to `gen-library-impl.yml`
- Required for Claude Code action's OIDC authentication

## Test
- Rerun generation on Issue #75 after merge
MarkusNeusinger added a commit that referenced this pull request Jan 6, 2026
@MarkusNeusinger @claude
fix(security): address CodeQL XSS alerts #84 and #85
485d97f 
- seo.py: escape spec_id in title for DB-unavailable fallback
- proxy.py: add security headers (X-Content-Type-Options, Referrer-Policy)
- proxy.py: add security comment documenting trusted GCS content model
- test_proxy.py: add test for security headers

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MarkusNeusinger