Commit 1333355
Set appropriate permissions to all Github Actions workflows (#1976)
Potential fix for
[https://github.com/iMicknl/python-overkiz-api/security/code-scanning/19](https://github.com/iMicknl/python-overkiz-api/security/code-scanning/19)
In general, the fix is to explicitly declare a `permissions` block in
the workflow, restricting the `GITHUB_TOKEN` to the minimum scope
required. For this test workflow, read-only access to repository
contents is sufficient, so `contents: read` at the top level is
appropriate. This documents the intended permissions, avoids accidental
write access if organization defaults are broad, and applies to all jobs
that do not override permissions.
The best concrete fix here is to add a root-level `permissions:` block
just after the `name: test` line in `.github/workflows/test.yml`. This
will apply `contents: read` to the entire workflow, including the
`pytest` job. No existing steps need to be changed, and no additional
imports or actions are required because `actions/checkout` and the other
used actions work with read-only contents. Only this YAML file needs
updating, and the change is limited to inserting the new `permissions`
section.
_Suggested fixes powered by Copilot Autofix. Review carefully before
merging._
---------
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
1 parent c2e9e1b commit 1333355
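The commit message describes the change in prose only, and the rendered diff below has lost the inserted lines. As an added illustration (not the repository's own `.github/workflows/test.yml`), here is a constructed minimal workflow with the shape the message describes (a `name: test` line, a root-level `permissions:` block directly after it, and a `pytest` job using `actions/checkout`). The triggers, action versions, Python version and the install/test commands are assumptions.

```yaml
# Added example, not the project's own workflow file.
# Before this commit the file had no `permissions:` key at all, so the
# GITHUB_TOKEN received whatever the repository/organization default grants,
# which on older repositories can be write access to every scope.

name: test

on:
  push:
  pull_request:

# Root-level block: applies to every job that does not declare its own
# `permissions`. Listing any scope here sets every unlisted scope to `none`,
# so the token can read repository contents and do nothing else, regardless
# of the organization or repository default.
permissions:
  contents: read

jobs:
  pytest:
    runs-on: ubuntu-latest
    steps:
      # Checking out a public or same-repo ref needs only contents: read.
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - run: pip install . pytest
      - run: pytest
```

To check what a workflow without such a block would have inherited, the repository default can be read with `gh api repos/OWNER/REPO/actions/permissions/workflow`, whose `default_workflow_permissions` field is either `read` or `write`. A job that genuinely needs more (for example one that publishes a release) should declare its own job-level `permissions:` block with only the extra scope it requires rather than widening the root-level block for every job.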
File tree
4 files changed
+12
-0
lines changed
- .github/workflows
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
3 | 6 | | |
4 | 7 | | |
5 | 8 | | |
| |||
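Review bot: the three inserted lines (diff lines 3-5) render without content here, so the block's indentation cannot be checked from this view; confirm in the raw file that `permissions:` and `contents: read` sit at column 0 after the `name:` line, as the commit message states. A `permissions:` key indented under a job is valid YAML and valid for Actions but scopes only that job, leaving every other job on the repository default token.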
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
2 | 5 | | |
3 | 6 | | |
4 | 7 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
8 | 8 | | |
9 | 9 | | |
10 | 10 | | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
11 | 14 | | |
12 | 15 | | |
13 | 16 | | |
| |||
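Review bot: in this file the block is inserted after original line 10 rather than near the top, which usually means a longer `on:` trigger section precedes it; verify that the new lines are at the top level between the trigger block and `jobs:` and not nested inside `on:` (where `permissions` is not a recognised key) or inside a job (where it would cover only that job).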
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
3 | 6 | | |
4 | 7 | | |
5 | 8 | | |
| |||
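Review bot: the commit message only reasons about `test.yml`, yet four workflow files under `.github/workflows` receive the same three-line addition. For each of the other three, confirm that `contents: read` is actually sufficient for every job; a workflow that pushes tags, creates releases or uses OIDC to publish would need `contents: write` or `id-token: write` on that specific job, and with the root-level block in place it will otherwise fail at runtime with a permissions error rather than at lint time.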
0 commit comments