chore(ci): Maximize CI/CD values (Dependabot & Permissions) #1
hyperpolymath merged 2 commits into main from
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5d0f95ae74
| else | ||
| echo "✅ Core documentation present" | ||
| fi | ||
| permissions: read-all |
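Review bot: The `permissions: read-all` line sits directly after the `fi` that closes a step's shell script, so whether it is read as a workflow-level key depends entirely on its indentation, which is easy to misjudge in review. Move the key up beside the workflow's `on:` trigger, where a top-level setting is expected, and add a one-line comment naming the scopes the jobs actually need so the choice of `read-all` over an explicit list is justified in the file itself.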
Replace read-all with the scopes this workflow uses
If this repository or org is using GitHub's restricted default GITHUB_TOKEN, this new workflow-level setting widens every job here instead of preserving that default. GitHub applies workflow permissions after the repository default, so both the shell-only docs job and the third-party trufflesecurity/trufflehog step now get read access to unrelated scopes such as issues, packages, and discussions that they never use. Declaring only the minimal scopes for this workflow (for example contents: read) avoids silently weakening least-privilege hardening.
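The least-privilege form the review comment asks for, as an added example that is not the repository's own workflow. The workflow name, triggers, job names, the `README.md` check and the action pin are assumptions, since the page shows only the tail of the file.

```yaml
# Constructed workflow for illustration (not the repository's file).
name: quality
on: [push, pull_request]

# Before, as added by the PR: every scope becomes readable by every job.
# permissions: read-all

# After: grant nothing at the workflow level. Once any scope (or {}) is
# declared, every scope that is not listed is set to none.
permissions: {}

jobs:
  docs:                      # hypothetical name for the shell-only docs job
    runs-on: ubuntu-latest
    permissions:
      contents: read         # needed only so checkout can fetch the repo
    steps:
      - uses: actions/checkout@v4
      - name: Check core documentation
        run: |
          if [ ! -f README.md ]; then   # README.md is an assumed file name
            echo "Core documentation missing"
            exit 1
          else
            echo "✅ Core documentation present"
          fi

  secrets:                   # hypothetical name for the secret-scanning job
    runs-on: ubuntu-latest
    permissions:
      contents: read         # third-party action sees repository contents only
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0     # full history so the scanner can walk commits
      # Placeholder pin: replace with a reviewed full commit SHA.
      - uses: trufflesecurity/trufflehog@<full-commit-sha>
```

Job-level `permissions` override the workflow-level block, so a job that later needs another scope can add it locally without widening the others.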
This automated PR updates your CI/CD configurations to maximize value and security.
- github-actions is monitored for updates.
- permissions: read-all to workflows missing explicit permissions.