Skip to content

Add permissions blocks to all workflows #244

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
aeisenberg merged 1 commit into from
Feb 14, 2025
Merged

Add permissions blocks to all workflows #244

aeisenberg merged 1 commit into from
Feb 14, 2025

Conversation

@aeisenberg
Copy link
Contributor

@aeisenberg aeisenberg commented Feb 13, 2025

Some security hardening.

Copilot AI review requested due to automatic review settings February 13, 2025 22:37
@aeisenberg aeisenberg requested a review from a team as a code owner February 13, 2025 22:37
Copilot AI reviewed Feb 13, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Overview

This PR seeks to enhance security hardening by adding explicit permissions blocks to selected GitHub workflow files.

  • Added "permissions" block with write access in mirror-main-to-master workflow
  • Added "permissions" block with read access in check-submodule-pointers workflow
  • Removed an extraneous list entry in report-failure workflow

Changes

File Description
.github/workflows/mirror-main-to-master.yml Added permissions block granting write access
.github/workflows/check-submodule-pointers.yml Added permissions block granting read access
.github/workflows/report-failure.yml Removed a stray list item which may affect YAML structure

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

Comments suppressed due to low confidence (1)

.github/workflows/report-failure.yml:26

  • The removal of the '-' on line 26 may affect the YAML array structure; please confirm that this change is intentional and that the workflow syntax remains valid.
   -

Tip: If you use Visual Studio Code, you can request a review from Copilot before you push from the "Source Control" tab. Learn more

adityasharad
adityasharad approved these changes Feb 13, 2025
View reviewed changes
Copy link
Collaborator

@adityasharad adityasharad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Settings?

@aeisenberg
Copy link
Contributor Author

aeisenberg commented Feb 14, 2025

Settings are done. Read only by default.

@aeisenberg aeisenberg merged commit c54a604 into main Feb 14, 2025
1 check passed
@aeisenberg aeisenberg deleted the aeisenberg/permissions branch February 14, 2025 05:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@adityasharad adityasharad adityasharad approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@aeisenberg @adityasharad @Claude @Codex