Skip to content

security: add permissions to GitHub Actions workflows#21

Open
ujwalsah wants to merge 3 commits into
mainfrom
fix/add-workflow-permissions
Open

security: add permissions to GitHub Actions workflows#21
ujwalsah wants to merge 3 commits into
mainfrom
fix/add-workflow-permissions

Conversation

@ujwalsah

@ujwalsah ujwalsah commented May 5, 2026

Copy link
Copy Markdown

Summary

  • Add explicit permissions: contents: read to all workflow files missing a permissions block
  • Follows the principle of least privilege for GitHub Actions tokens
  • Resolves CodeQL alert actions/missing-workflow-permissions (NR-560379)

Test plan

  • Verify CI workflows still pass with the new permissions block
  • Confirm CodeQL alert is resolved after merge

ujwalsah added 2 commits May 5, 2026 14:16
Add explicit `permissions: contents: read` to all workflow files
that were missing a permissions block. This follows the principle of
least privilege and resolves CodeQL alert actions/missing-workflow-permissions.

Resolves: NR-560379
The prerelease workflow uses GITHUB_TOKEN to upload artifacts
to GitHub release assets.
Comment thread .github/workflows/gpgKeys_generation.yml Outdated
The 'Commit public keys to repository' step runs 'git push', which
requires write access to repository contents. contents: read would
cause the push to fail.
@ujwalsah ujwalsah force-pushed the fix/add-workflow-permissions branch from 5440755 to 82a4955 Compare July 13, 2026 08:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants