Skip to content

Commit f6a66cc

Browse files
jonn-smithclaude
andauthored
test: PR build (#1)
* test: PR build * ci(docker): grant actions:read so SARIF upload can call workflow-runs API codeql-action/upload-sarif calls GET /actions/runs/:id to attach results to the run. Without actions:read it 403s ("Resource not accessible by integration") and the scan job fails after Trivy already produced the SARIF. Add actions: read to both build-scan and rescan-latest job permissions. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Jonn Smith <11667487+jonn-smith@users.noreply.github.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent b807a9d commit f6a66cc

2 files changed

Lines changed: 4 additions & 0 deletions

File tree

.github/workflows/docker.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -108,6 +108,7 @@ jobs:
108108
contents: read
109109
packages: write
110110
security-events: write
111+
actions: read
111112
strategy:
112113
fail-fast: false
113114
matrix:
@@ -299,6 +300,7 @@ jobs:
299300
contents: read
300301
packages: read
301302
security-events: write
303+
actions: read
302304
strategy:
303305
fail-fast: false
304306
matrix:

docker/hvp-monolith/Dockerfile

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,3 +22,5 @@ COPY LICENSE /opt/hvp-lr/LICENSE
2222

2323
# Set working directory
2424
WORKDIR /data
25+
26+
# noop

0 commit comments

Comments
 (0)