ci: restrict workflow token permissions #71

Open
nanookclaw wants to merge 1 commit into rjsadow:main from nanookclaw:fix/ci-workflow-permissions

@nanookclaw

Summary

Adds an explicit top-level permissions block to the CI workflow with contents: read. This gives the workflow the minimum repository token scope needed for checkout/read-only jobs instead of relying on GitHub's default token permissions.

This addresses #63 without changing the trigger, job matrix, actions, or build/test behavior.

Verification

  • Parsed .github/workflows/ci.yml with PyYAML and confirmed permissions.contents == "read"
  • Ran git diff --check

Closes #63

Signed-off-by: Nanook <nanookclaw@users.noreply.github.com>
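
Added example, not part of the pull request or the repository: a broader version of the PyYAML check described under Verification, which also reports a missing top-level block and any job-level override that grants write access. The sample workflows and the function names are constructed for illustration.

```python
import yaml  # PyYAML, the parser named in the verification step above

def check_grant(where, perms):
    """Findings for one permissions value (a string shorthand or a scope mapping)."""
    if perms == "write-all":
        return [f"{where}: write-all"]
    if isinstance(perms, dict):
        return [f"{where}: {scope}: write"
                for scope, level in perms.items() if level == "write"]
    return []  # read-all, {} or a mapping of read/none only

def audit_workflow(text):
    """List GITHUB_TOKEN grants in a workflow that go beyond read-only."""
    doc = yaml.safe_load(text) or {}
    if "permissions" not in doc:
        findings = ["workflow: no top-level permissions (repository default applies)"]
    else:
        findings = check_grant("workflow", doc["permissions"])
    # A job-level block replaces the top-level one for that job, so check each.
    for name, job in (doc.get("jobs") or {}).items():
        if isinstance(job, dict) and "permissions" in job:
            findings += check_grant(f"job {name}", job["permissions"])
    return findings

# Constructed sample workflows (not the repository's ci.yml).
BEFORE = """\
name: CI
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
"""
# The change this PR describes: an explicit top-level read-only block.
AFTER = BEFORE.replace("jobs:", "permissions:\n  contents: read\njobs:")
# A later job-level override that silently widens the token again.
OVERRIDE = AFTER.replace(
    "    runs-on", "    permissions:\n      contents: write\n    runs-on")

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER), ("override", OVERRIDE)):
        print(label, audit_workflow(text) or "read-only")
```
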
Successfully merging this pull request may close these issues.

Add workflow permissions to CI workflow