Skip to content

Comments

chore(ci): add explicit least-privilege workflow permissions#2163

Merged
kevinjqliu merged 2 commits intoapache:mainfrom
kevinjqliu:kevinjqliu/fix-codeql-suggestions
Feb 24, 2026
Merged

chore(ci): add explicit least-privilege workflow permissions#2163
kevinjqliu merged 2 commits intoapache:mainfrom
kevinjqliu:kevinjqliu/fix-codeql-suggestions

Conversation

@kevinjqliu
Copy link
Contributor

@kevinjqliu kevinjqliu commented Feb 23, 2026

Which issue does this PR close?

  • Closes #.

What changes are included in this PR?

Added explicit permissions blocks to GitHub Actions workflows to satisfy CodeQL actions/missing-workflow-permissions. (See the Security tab on Github)
Defaulted workflows to contents: read.

Are these changes tested?

blackmwk
blackmwk approved these changes Feb 24, 2026
View reviewed changes
Copy link
Contributor

@blackmwk blackmwk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @kevinjqliu for this fix!

@kevinjqliu kevinjqliu merged commit d84ae17 into apache:main Feb 24, 2026
21 checks passed
@kevinjqliu kevinjqliu deleted the kevinjqliu/fix-codeql-suggestions branch February 24, 2026 01:52
@kevinjqliu
Copy link
Contributor Author

kevinjqliu commented Feb 24, 2026

nice this closed all but 1 of the security alerts, https://github.com/apache/iceberg-rust/security/code-scanning?query=is%3Aclosed+branch%3Amain

last one should be closed by #2164

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@blackmwk blackmwk blackmwk approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kevinjqliu @blackmwk