Skip to content

Add explicit permissions to Copilot workflows#3

Merged
raykao merged 2 commits intoraykao/sitoader-agentic-workflowsfrom
copilot/sub-pr-2
Jan 30, 2026
Merged

Add explicit permissions to Copilot workflows#3
raykao merged 2 commits intoraykao/sitoader-agentic-workflowsfrom
copilot/sub-pr-2

Conversation

Copy link
Contributor

Copilot AI commented Jan 30, 2026
edited
Loading

CodeQL flagged missing permissions blocks in copilot.generate-tests.yml and copilot.generate-docs.yml. Both workflows use Copilot CLI with GitHub MCP tools to analyze commits and create issues when test coverage or documentation is insufficient.

Changes:

  • Added explicit permissions: blocks to both workflow jobs: 
    permissions:
  contents: read    # Repository access for commit diffs
  issues: write     # Create GitHub issues via MCP tools

This follows least-privilege principles while maintaining workflow functionality.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Copilot AI mentioned this pull request Jan 30, 2026
Merged
@raykao raykao marked this pull request as ready for review January 30, 2026 05:25
@raykao raykao marked this pull request as draft January 30, 2026 05:26
@raykao
Add explicit permissions to Copilot workflows for repo read and issue…
397dd72 
… creation

Co-authored-by: raykao <860691+raykao@users.noreply.github.com>
Copilot AI changed the title [WIP] Update agentic workflows for copilot CLI permissions Add explicit permissions to Copilot workflows Jan 30, 2026
Copilot AI requested a review from raykao January 30, 2026 05:29
raykao
raykao approved these changes Jan 30, 2026
View reviewed changes
Copy link
Contributor

@raykao raykao left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@raykao raykao marked this pull request as ready for review January 30, 2026 18:24
@raykao raykao merged commit a75924a into raykao/sitoader-agentic-workflows Jan 30, 2026
1 check failed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@raykao raykao raykao approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@raykao raykao

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@raykao