
@bk2204 bk2204 commented Nov 21, 2025

We'd like to run GitHub Actions with the least possible permissions assigned to the token for security reasons. To make this possible, let's add a permissions block to each workflow that lacks one.

In addition, add the missing document header, since this is a best practice and yamllint warns about omitting it.

Fixes #151
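
A checker for the two conditions this pull request fixes, a workflow without a `permissions` block and a file without the `---` document start, added here as an example; it is not code from the pull request or the repository. The sample workflows are constructed, and the line-based parsing assumes block-style YAML with consistent indentation.

```python
import re
KEY = re.compile(r"^( *)([A-Za-z0-9_-]+):(.*)$")  # block-style "key: value"

def audit_workflow(text):
    """Return findings for one workflow file (assumes block-style YAML)."""
    findings = []
    lines = [l.rstrip() for l in text.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    if not lines or lines[0] != "---":
        findings.append("missing document start '---'")
    top_perm, jobs = None, {}   # workflow-level value; job id -> has own block
    in_jobs, job_indent, current, key_indent = False, None, None, None
    for line in lines:
        m = KEY.match(line)
        if not m:
            continue
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip()
        if indent == 0:
            in_jobs = key == "jobs"
            if key == "permissions":
                top_perm = value
        elif in_jobs:
            job_indent = indent if job_indent is None else job_indent
            if indent == job_indent:            # a job id under jobs:
                current, key_indent = key, None
                jobs[current] = False
            elif current is not None:           # keys inside that job
                key_indent = indent if key_indent is None else key_indent
                if indent == key_indent and key == "permissions":
                    jobs[current] = True
    if top_perm is None:
        # Job-level blocks on every job are accepted in place of a workflow-level one.
        unscoped = sorted(j for j, ok in jobs.items() if not ok)
        if unscoped or not jobs:
            findings.append("no permissions block for: " + (", ".join(unscoped) or "workflow"))
    elif top_perm == "write-all":
        findings.append("permissions: write-all grants every scope")
    return findings

# Constructed samples, not the repository's workflow files.
BEFORE = """name: test
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
"""
AFTER = "---\n" + BEFORE.replace("jobs:", "permissions:\n  contents: read\njobs:")
if __name__ == "__main__":
    print(audit_workflow(BEFORE), audit_workflow(AFTER))
```

A workflow with no `permissions` key anywhere runs with whatever default token permissions the repository or organization has configured, which is why the check treats absence as a finding.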

This is a best practice and yamllint warns about omitting it.
We'd like to run GitHub Actions with the least possible permissions
assigned to the token for security reasons.  To make this possible,
let's add a permissions block to each workflow that lacks one.
@bk2204 bk2204 marked this pull request as ready for review November 21, 2025 18:57
@bk2204 bk2204 requested a review from a team as a code owner November 21, 2025 18:57
Copilot AI review requested due to automatic review settings November 21, 2025 18:57
Copilot finished reviewing on behalf of bk2204 November 21, 2025 18:58

Copilot AI left a comment

Pull request overview

This PR enhances the security posture of GitHub Actions workflows by implementing the principle of least privilege through explicit permissions blocks. It also adds YAML document headers (---) as a best practice.

  • Added permissions: contents: read to test.yml and lint.yml workflows
  • Added YAML document headers (---) to all three workflow files for yamllint compliance

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| .github/workflows/test.yml | Added YAML document header and read-only contents permission for test workflow |
| .github/workflows/release.yml | Added YAML document header (permissions already existed) |
| .github/workflows/lint.yml | Added YAML document header and read-only contents permission for linting workflow |

@bk2204 bk2204 merged commit 846ee0b into master Nov 24, 2025
15 checks passed
@bk2204 bk2204 deleted the workflow-permissions branch November 24, 2025 14:13
Development

Successfully merging this pull request may close these issues.

Please define actions workflow permissions