Skip to content

Add soup approval workflow#31

Merged
nasirky merged 1 commit intodevelopfrom
add-approval-workflow
Oct 27, 2025
Merged

Add soup approval workflow#31
nasirky merged 1 commit intodevelopfrom
add-approval-workflow

Conversation

@nasirky
Copy link

@nasirky nasirky commented Oct 27, 2025

No description provided.

@nasirky nasirky merged commit ffcc3b0 into develop Oct 27, 2025
1 of 8 checks passed
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 27, 2025
View reviewed changes
.github/workflows/soup-approval-verification.yml
Comment on lines +9 to +10
uses: QuickBirdEng/workflows/.github/workflows/soup-approval-verification-workflow.yml@main
secrets: inherit

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI 3 months ago

To fix the problem, add a permissions block specifying the least privilege needed. For workflows that only need to read repository contents, use contents: read (or further restrict as per actual requirements). The permissions block can be added either at the workflow root (before or after on:), which applies to all jobs, or to the specific job if jobs may need differing permissions. Since this workflow only defines one job (soups), and uses a reusable workflow, adding permissions at the root is the cleanest minimal fix. Edit .github/workflows/soup-approval-verification.yml to insert a permissions: block (e.g., contents: read) above the jobs: section.

Suggested changeset 1
.github/workflows/soup-approval-verification.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/soup-approval-verification.yml b/.github/workflows/soup-approval-verification.yml
--- a/.github/workflows/soup-approval-verification.yml
+++ b/.github/workflows/soup-approval-verification.yml
@@ -4,6 +4,9 @@
   pull_request_review:
     types: [submitted]
 
+permissions:
+  contents: read
+
 jobs:
   soups:
     uses: QuickBirdEng/workflows/.github/workflows/soup-approval-verification-workflow.yml@main
EOF
@@ -4,6 +4,9 @@
pull_request_review:
types: [submitted]

permissions:
contents: read

jobs:
soups:
uses: QuickBirdEng/workflows/.github/workflows/soup-approval-verification-workflow.yml@main
Copilot is powered by AI and may make mistakes. Always verify output.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nasirky