Potential fix for code scanning alert no. 6: Workflow does not contain permissions

[JamieSinn]

Potential fix for https://github.com/DevCycleHQ/feature-flag-code-usage-action/security/code-scanning/6

To fix the problem, add a permissions block to restrict the GITHUB_TOKEN access to only the necessary scopes for this job. The most secure starting point is to set contents: read, and then expand with additional permissions as needed (for example, issues: write or pull-requests: write if the workflow creates or updates issues/pull requests). In this snippet, we cannot see any evidence that write access is needed (no calls to push, PR, or issue creation), so contents: read suffices as a minimal default. Place the permissions block either at the workflow root (applies to all jobs) or within the dvc-code-usages job itself (applies only to this job). For simplicity and minimal change, add it at the root, immediately following name: on line 4.

No new methods or imports are needed.

---

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

[Copilot]

Pull request overview

This PR addresses a GitHub code scanning security alert by adding an explicit permissions block to the workflow file. The change implements the principle of least privilege by restricting the GITHUB_TOKEN to only contents: read access, which is the minimum permission required for this workflow.

Key Changes:

• Added permissions: contents: read at the workflow root level to restrict GITHUB_TOKEN access

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.