
Tighten workflow-level permissions #23

Merged: wagoodman merged 1 commit into main from remediate-audit on May 8, 2026

@wagoodman

Move top-level workflow permissions from contents: read to {} (empty) across all three workflow files, pushing contents: read down to the job level where it's actually needed.

Changes:

  • release.yaml: top-level permissions: contents: read → permissions: {}; job-level permissions already present
  • validate-github-actions.yaml: top-level permissions: contents: read → permissions: {}; job-level permissions already present
  • validations.yml: top-level permissions: contents: read → permissions: {}; added contents: read to each job

Notes:

  • no functional change; each job retains the same effective permissions it had before

Move top-level permissions from contents:read to {} (empty) in all
three workflow files, pushing contents:read down to the job level
where it is actually needed.

Signed-off-by: workflow-audit-bot <wagoodman@gmail.com>
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
wagoodman added the changelog-ignore label (do not add a entry for this when generating the changelog) on May 8, 2026
wagoodman merged commit c5aa8e1 into main on May 8, 2026
8 checks passed
wagoodman deleted the remediate-audit branch on May 8, 2026 20:11
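
A lint for the policy this PR applies, as an added example that is not part of the pull request or the repository: it flags a workflow whose top-level permissions is not {} or whose jobs lack their own permissions block. The function name, job name and sample workflows are constructed, and the scanner assumes block-style YAML indented with spaces rather than parsing full YAML.

```python
def audit_workflow(text):
    """Return findings for one workflow file: top-level permissions must be {}
    and every job must declare its own permissions block."""
    findings, jobs = [], {}
    top_value = None                      # None: no top-level permissions key
    in_jobs, job, job_indent, child_indent = False, None, None, None
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()            # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        if indent == 0:
            in_jobs, job = key == "jobs", None
            if key == "permissions":
                top_value = value.strip()
        elif in_jobs:
            job_indent = job_indent or indent         # indent of job names
            if indent == job_indent:
                job, child_indent, jobs[key] = key, None, False
            elif job is not None:
                child_indent = child_indent or indent # indent of a job's own keys
                if indent == child_indent and key == "permissions":
                    jobs[job] = True
    if top_value is None:
        findings.append("top-level: no permissions key, repository default applies")
    elif top_value != "{}":
        findings.append("top-level: permissions is not {}")
    findings += [f"job {n}: no job-level permissions block" for n, ok in jobs.items() if not ok]
    return findings

# Constructed samples; the job name is hypothetical, not taken from the repository.
BEFORE = """\
permissions:
  contents: read
jobs:
  unit-test:
    runs-on: ubuntu-latest
"""
AFTER = """\
permissions: {}
jobs:
  unit-test:
    runs-on: ubuntu-latest
    permissions:
      contents: read
"""
if __name__ == "__main__":
    print(audit_workflow(BEFORE), audit_workflow(AFTER))
```

A job without its own block inherits the top-level value, so under `permissions: {}` it runs with no token scopes until a block is added.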