Contributor

@picatz picatz commented Oct 27, 2025

Summary

  • .github/workflows/ci.yml: Added a workflow-level GITHUB_TOKEN permissions block restricting access to contents: read for least-privilege coverage across all jobs.

This change was made by an automated process to ensure all GitHub Actions workflows have explicitly defined permissions as per best practices.
@picatz picatz requested a review from a team as a code owner October 27, 2025 16:57
Member

@cretz cretz left a comment

Thanks!

Member

cretz commented Oct 27, 2025

@picatz - This has shown that one of our tests connects to the public internet improperly. We will fix (see #63), but I wonder why it only showed up on macos and not ubuntu? I assume the former does some writing the latter doesn't?

EDIT: Actually, this appears unrelated to this PR and is just a side-effect of us having not run these tests in two weeks. We will fix CI alongside #63.

Contributor Author

picatz commented Oct 27, 2025

@cretz thank you for the review! Looks like I don't have the ability to merge this PR, can you click the button for me? 😄

Member

cretz commented Oct 27, 2025

CI is failing which we have configured to prevent merge. I was hoping that we could get #63 solved, but it could be a couple of weeks, so I'll go ahead and bypass CI checks for this PR and merge.

@cretz cretz merged commit 5f8b574 into main Oct 27, 2025
7 of 11 checks passed
@cretz cretz deleted the security-campaign/set-explicit-github-actions-permissions branch October 27, 2025 18:55