Commit f6a66cc
test: PR build (#1)
* test: PR build
* ci(docker): grant actions:read so SARIF upload can call workflow-runs API
codeql-action/upload-sarif calls GET /actions/runs/:id to attach
results to the run. Without actions:read it 403s ("Resource not
accessible by integration") and the scan job fails after Trivy
already produced the SARIF.
Add actions: read to both build-scan and rescan-latest job permissions.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Jonn Smith <11667487+jonn-smith@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>1 parent b807a9d commit f6a66cc
2 files changed
Lines changed: 4 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
108 | 108 | | |
109 | 109 | | |
110 | 110 | | |
| 111 | + | |
111 | 112 | | |
112 | 113 | | |
113 | 114 | | |
| |||
299 | 300 | | |
300 | 301 | | |
301 | 302 | | |
| 303 | + | |
302 | 304 | | |
303 | 305 | | |
304 | 306 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
22 | 22 | | |
23 | 23 | | |
24 | 24 | | |
| 25 | + | |
| 26 | + | |
0 commit comments