WARNING: THIS SITE IS A MIRROR OF GITHUB.COM / IT CANNOT LOGIN OR REGISTER ACCOUNTS / THE CONTENTS ARE PROVIDED AS-IS / THIS SITE ASSUMES NO RESPONSIBILITY FOR ANY DISPLAYED CONTENT OR LINKS / IF YOU FOUND SOMETHING MAY NOT GOOD FOR EVERYONE, CONTACT ADMIN AT ilovescratch@foxmail.com
Skip to content

chore: Add explicit permissions to PR linting workflow #128

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jperals wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore: Add explicit permissions to PR linting workflow #128

jperals wants to merge 1 commit into from

Conversation

@jperals
Copy link
Member

@jperals jperals commented Nov 20, 2025

Potential fix for https://github.com/cloudscape-design/chart-components/security/code-scanning/1

General Fix:
To address this, add a permissions block specifying only the least privileges required at either the workflow level (root, for all jobs) or, if some jobs need different permissions, inside the job(s) themselves. Since the only job in this file delegates to an external composite workflow, and without knowledge of any elevated permissions being required, the safest minimal starting point is to set permissions: read-all at the root of the workflow file (which gives all scopes read access only).

Detailed Fix:
Insert a permissions: block after the workflow's name: field and before on:, at the root level, with a value of read-all. This ensures that the workflow (and any called reusable workflow) receives only read-only access tokens by default, reducing the risk of unwanted repo modification. This is compliant with recommendations and does not otherwise affect workflow behavior.

Changes needed:

  • Edit .github/workflows/lint-pr.yml
  • Insert a block: 
    permissions: read-all
    after line 1.
  • No imports, methods, or other regions require editing or new dependencies.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

@jperals @github-advanced-security
chore: Add explicit permissions to PR linting workflow
0065ceb 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@jperals jperals changed the title Potential fix for code scanning alert no. 1: Workflow does not contain permissions chore: Add explicit permissions to PR linting workflow Nov 20, 2025
@jperals jperals marked this pull request as ready for review December 3, 2025 09:20
@jperals jperals requested a review from pan-kot as a code owner December 3, 2025 09:20
@jperals jperals enabled auto-merge December 3, 2025 09:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pan-kot pan-kot Awaiting requested review from pan-kot

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jperals