Skip to content

chore(ci): add explicit least-privilege workflow permissions#15409

Merged
kevinjqliu merged 1 commit intoapache:mainfrom
kevinjqliu:kevinjqliu/fix-codeql-suggestions
Feb 24, 2026
Merged

chore(ci): add explicit least-privilege workflow permissions#15409
kevinjqliu merged 1 commit intoapache:mainfrom
kevinjqliu:kevinjqliu/fix-codeql-suggestions

Conversation

@kevinjqliu
Copy link
Copy Markdown
Contributor

@kevinjqliu kevinjqliu commented Feb 23, 2026

Added explicit permissions blocks to GitHub Actions workflows to satisfy CodeQL actions/missing-workflow-permissions. (See the Security tab on Github)
Defaulted workflows to contents: read.

The one write permission

  • contents: write is set only for the docs publish job in site-ci.yml, because that job pushes generated site content to the gh-pages branch.

@github-actions github-actions Bot added the INFRA label Feb 23, 2026
@kevinjqliu kevinjqliu merged commit 39d5e1d into apache:main Feb 24, 2026
38 checks passed
@kevinjqliu kevinjqliu deleted the kevinjqliu/fix-codeql-suggestions branch February 24, 2026 01:54
RjLi13 pushed a commit to RjLi13/iceberg that referenced this pull request Mar 12, 2026
@kevinjqliu
chore(ci): add explicit least-privilege workflow permissions (apache#…
a3d244e 
…15409)
@kevinjqliu kevinjqliu mentioned this pull request Mar 23, 2026
Closed
talatuyarer pushed a commit to talatuyarer/iceberg that referenced this pull request Apr 1, 2026
@kevinjqliu @talatuyarer
chore(ci): add explicit least-privilege workflow permissions (apache#…
83677d5 
…15409)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@huaxingao huaxingao huaxingao approved these changes

@singhpk234 singhpk234 Awaiting requested review from singhpk234

Assignees

No one assigned

Labels

INFRA

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kevinjqliu @huaxingao