From cb4e8b52859158173ee2d88b5939f0453730f279 Mon Sep 17 00:00:00 2001 From: Jonathan Perron Date: Wed, 28 May 2025 17:33:35 +0200 Subject: [PATCH 1/2] Potential fix for code scanning alert no. 1: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/tests.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 0d84e9c..16e2f05 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -2,6 +2,9 @@ name: Test code on: pull_request +permissions: + contents: read + jobs: build: runs-on: ubuntu-latest From e5f94fb1f3448d1cab02a815e420d4c8e52040d6 Mon Sep 17 00:00:00 2001 From: Jonathan Perron Date: Wed, 28 May 2025 18:02:48 +0200 Subject: [PATCH 2/2] fix(github): add permission block in workflows --- .github/workflows/pre-commit_ci.yaml | 4 ++++ .github/workflows/pre-release.yaml | 3 +++ .github/workflows/release.yaml | 3 +++ 3 files changed, 10 insertions(+) diff --git a/.github/workflows/pre-commit_ci.yaml b/.github/workflows/pre-commit_ci.yaml index 9580ad0..4ff2b78 100644 --- a/.github/workflows/pre-commit_ci.yaml +++ b/.github/workflows/pre-commit_ci.yaml @@ -2,6 +2,10 @@ name: Pre Commit CI on: pull_request +permissions: + contents: read + + jobs: build: runs-on: ubuntu-latest diff --git a/.github/workflows/pre-release.yaml b/.github/workflows/pre-release.yaml index 498c52f..4b72c51 100644 --- a/.github/workflows/pre-release.yaml +++ b/.github/workflows/pre-release.yaml @@ -4,6 +4,9 @@ on: release: types: [prereleased] +permissions: + contents: read + jobs: pre-release-build: runs-on: ubuntu-latest diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 91bf710..d3395e4 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -4,6 +4,9 @@ on: release: types: [released] +permissions: + contents: read + jobs: release-build: runs-on: ubuntu-latest