Skip to content

fix: add contents:read permission to Scorecard workflow#1443

Merged
liudger merged 2 commits intomainfrom
fix/scorecard-permissions
Apr 16, 2026
Merged

fix: add contents:read permission to Scorecard workflow#1443
liudger merged 2 commits intomainfrom
fix/scorecard-permissions

Conversation

@liudger
Copy link
Copy Markdown
Owner

@liudger liudger commented Apr 16, 2026

This pull request makes a small update to the .github/workflows/scorecard.yml workflow by adding explicit contents: read permission. This clarifies the permissions required for the workflow to run successfully.

Copilot AI review requested due to automatic review settings April 16, 2026 10:18
@liudger liudger added bugfix Inconsistencies or issues which will cause a problem for users or implementers. ci Work that improves the continue integration. labels Apr 16, 2026
Copilot AI reviewed Apr 16, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds an explicit contents: read permission to the Scorecard workflow’s analysis job to ensure the job still has repository read access when job-level permissions are specified.

Changes:

  • Explicitly grants contents: read at the job level in .github/workflows/scorecard.yml.

@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 16, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.89%. Comparing base (ed54f8b) to head (c9e9edd).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1443   +/-   ##
=======================================
  Coverage   99.89%   99.89%           
=======================================
  Files           6        6           
  Lines         955      955           
  Branches      128      128           
=======================================
  Hits          954      954           
  Partials        1        1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@liudger liudger merged commit 86290c4 into main Apr 16, 2026
10 checks passed
@liudger liudger deleted the fix/scorecard-permissions branch April 16, 2026 10:22
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 16, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@github-actions github-actions Bot locked and limited conversation to collaborators Apr 18, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

bugfix Inconsistencies or issues which will cause a problem for users or implementers. ci Work that improves the continue integration.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@liudger