
fix: add explicit permissions to validate workflows #2

Merged: ibuyspy merged 1 commit into main from fix/add-workflow-permissions on Apr 16, 2026

@ibuyspy ibuyspy commented Apr 16, 2026

Summary

Adds top-level permissions: contents: read to two workflow files that were missing explicit permission blocks, resolving CodeQL code scanning alerts #1–#4 (actions/missing-workflow-permissions).

Files changed

  • .github/workflows/validate-basecoat.yml — 3 jobs (validate-commit-messages, validate-unix, validate-windows), all read-only
  • .github/workflows/validate-repo-template-sample.yml — 1 job (validate-sample-template), read-only

Already OK (no changes needed)

  • package-basecoat.yml — already has permissions: contents: write
  • prd-spec-gate.yml — already has permissions: contents: read + pull-requests: read

Fixes code scanning alerts #1, #2, #3, #4.

Add top-level permissions block (contents: read) to validate-basecoat.yml
and validate-repo-template-sample.yml to resolve CodeQL code scanning
alerts #1-#4 (actions/missing-workflow-permissions).

The other two workflows (package-basecoat.yml and prd-spec-gate.yml)
already have appropriate permissions blocks.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@ibuyspy ibuyspy merged commit 78c9e3c into main Apr 16, 2026
6 checks passed
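
As an added example (not code from this pull request or the repository), the Python sketch below approximates the condition behind the actions/missing-workflow-permissions alert: it lists jobs that have neither a workflow-level nor a job-level permissions key. The sample workflow text is constructed, and the line-based scan assumes block-style YAML indented with spaces.

```python
import re

# Constructed sample workflow (not the repository's real file): no top-level
# permissions block, and only one of the two jobs declares its own.
BEFORE = """\
name: validate
on: [push, pull_request]
jobs:
  validate-unix:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
  validate-windows:
    runs-on: windows-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
"""
# The kind of fix the PR describes: one top-level read-only block for all jobs.
AFTER = BEFORE.replace("jobs:", "permissions:\n  contents: read\njobs:", 1)

KEY = re.compile(r"^( *)([A-Za-z0-9_-]+):")  # "key:" line; skips "- item" and "# ..."

def jobs_missing_permissions(text):
    """Return names of jobs left on the repository's default GITHUB_TOKEN scope."""
    top_level = False
    in_jobs = False
    job = job_indent = child_indent = None
    own = {}  # job name -> True if the job has its own permissions key
    for line in text.splitlines():
        m = KEY.match(line)
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:  # top-level key
            in_jobs, job, job_indent = key == "jobs", None, None
            top_level = top_level or key == "permissions"
        elif in_jobs:
            if job_indent is None:
                job_indent = indent  # indentation used for job names
            if indent == job_indent:
                job, child_indent = key, None
                own[job] = False
            elif job is not None:
                if child_indent is None:
                    child_indent = indent  # direct children of the job
                if indent == child_indent and key == "permissions":
                    own[job] = True
    return [] if top_level else [name for name, has in own.items() if not has]
```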