Skip to content

Address filed configuration and doc defects#364

Merged
ptr727 merged 1 commit into
developfrom
fix/filed-config-defects
Jun 30, 2026
Merged

Address filed configuration and doc defects#364
ptr727 merged 1 commit into
developfrom
fix/filed-config-defects

Conversation

@ptr727

@ptr727 ptr727 commented Jun 30, 2026

Copy link
Copy Markdown
Owner
  • configure.sh: drop 2>/dev/null in check_security so gh's error surfaces (matches check_secrets).
  • WORKFLOW.md D7.2/section 2: reword so it no longer claims reusable tasks declare permissions (they run under the caller's least-privilege grant).

Closes #359

Validation: shellcheck + actionlint + markdownlint clean; line endings preserved.

🤖 Generated with Claude Code

- configure.sh: drop 2>/dev/null in check_security so gh's error surfaces (matches check_secrets).
- WORKFLOW.md D7.2/section 2: reword so it no longer claims reusable tasks *declare* permissions (they run under the caller's least-privilege grant).

Closes #359

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings June 30, 2026 03:31

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses a small but important diagnostics gap in the repository configuration audit script and corrects/clarifies workflow documentation around reusable workflow permissions, aligning the docs with GitHub Actions’ caller-scoped permission model.

Changes:

  • repo-config/configure.sh: stop suppressing gh api stderr in check_security() so auth/API failures surface clearly (matching the hardened behavior used elsewhere in the script).
  • WORKFLOW.md: reword the reusable-workflow permissions guidance (section 2 and D7.2) to avoid implying the callee “declares” permissions, and instead reflect that the caller grants least-privilege permissions at the uses: job.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
WORKFLOW.md Clarifies reusable workflow permissions behavior and the “skipped jobs still need valid permissions” rule wording.
repo-config/configure.sh Removes 2>/dev/null from the automated-security-fixes audit call so gh errors are visible and actionable.

@ptr727 ptr727 merged commit db76ede into develop Jun 30, 2026
10 checks passed
@ptr727 ptr727 deleted the fix/filed-config-defects branch June 30, 2026 03:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants