Add explicit permissions to 7 workflows by Copilot · Pull Request #2607 · github/gh-aw

Copilot · 2025-10-27T12:17:57Z

Seven workflows lacked explicit permissions: declarations, relying on GitHub Actions defaults. Analysis of workflow run #18840321667 showed permission-denied warnings in production.

Changes

Smoke test workflows (5 files) - Read-only main job pattern with PR access:

permissions:
  contents: read
  actions: read
  pull-requests: read

smoke-copilot.md
smoke-claude.md
smoke-codex.md
smoke-opencode.md
smoke-copilot.firewall.md

These use strict: true with safe-outputs.create-issue, so write operations happen in separate jobs. The pull-requests: read permission is required for reading merged pull requests.

Daily news workflow - Read-all permissions:

permissions: read-all

daily-news.md

Uses permissions: read-all to access all repository data including discussions, issues, and pull requests.

Notion workflow - Read-only analysis:

permissions:
  contents: read
  issues: read
  actions: read

notion-issue-summary.md

Impact

Explicit permission model prevents reliance on GitHub Actions defaults
Follows least privilege principle
Protects against future GitHub permission model changes

Original prompt

This section details on the original issue you should resolve

<issue_title>[q] Add explicit permissions to 7 workflows</issue_title>
<issue_description># Q Workflow Optimization Report

Investigation Summary

This PR is the result of a /q investigate permissions command investigation into workflow permissions across the gh-aw repository, analyzing live workflow run data from the past 7 days.

Issues Found (from live data)

Missing Explicit Permissions

Problem: 7 workflows lacked explicit permissions: declarations, relying on GitHub Actions default permissions.

Evidence from Live Runs:

Run githubnext/gh-aw#18840321667 (Smoke Copilot): 9 warnings - "Permission denied and could not request permission from user"
Pattern: copilot-permission-denied
Root Cause: Missing explicit permission declarations led to reliance on defaults
Data Sources: Analyzed 15 workflow runs over 7 days (2M+ tokens, $1.64 cost)

Workflows Without Explicit Permissions

smoke-copilot.md
smoke-claude.md
smoke-codex.md
smoke-opencode.md
smoke-copilot.firewall.md
daily-news.md
notion-issue-summary.md

Changes Made

Added Explicit Permissions

All 7 workflows now have explicit permissions: declarations following the principle of least privilege:

Smoke Workflows (5 files)

Pattern: Read-only main job + safe-outputs for write operations

permissions:
  contents: read    # For reading repository code
  actions: read     # For workflow metadata

Files modified:

smoke-copilot.md
smoke-claude.md
smoke-codex.md
smoke-opencode.md
smoke-copilot.firewall.md

Key Point: These workflows use safe-outputs.create-issue with strict: true, so write permissions are handled by separate safe-outputs jobs.

Daily News Workflow

permissions:
  contents: read      # For reading repository code
  discussions: write  # Required for safe-outputs create-discussion job
  actions: read       # For workflow metadata

Note: Uses safe-outputs.create-discussion but NOT in strict mode, so requires explicit write permission.

Notion Issue Summary Workflow

permissions:
  contents: read    # For reading repository code
  issues: read      # For reading issue content
  actions: read     # For workflow metadata

Note: Read-only workflow, no safe-outputs used.

Validation

All modified workflows compiled successfully using gh-aw compile:

✅ smoke-copilot.md (202.8 KB)
✅ smoke-claude.md (177.7 KB)
✅ smoke-codex.md (160.1 KB)
✅ smoke-opencode.md (136.9 KB)
✅ smoke-copilot.firewall.md (202.9 KB)
✅ daily-news.md (210.3 KB)
✅ notion-issue-summary.md (163.1 KB)

Expected Improvements

Security

Explicit permission model: No longer relies on implicit GitHub Actions defaults
Reduced attack surface: Main AI jobs run with minimal read-only permissions
Compliance: Follows principle of least privilege

Reliability

Protection from default changes: Workflows won't break if GitHub changes default permissions
Clear documentation: Each workflow explicitly declares what it can access
Safe-outputs pattern: Write operations isolated in separate jobs

Maintainability

Self-documenting: Permissions field shows exactly what each workflow can do
Easier auditing: Clear view of permission requirements
Consistent pattern: All workflows follow same permission model

Key Learnings

Strict Mode Behavior: Workflows with strict: true cannot have write permissions in main job
Safe-Outputs Architecture: Issue/discussion creation happens in separate jobs with appropriate permissions
Explicit > Implicit: All workflows should declare permissions explicitly
Read-Only Default: Main AI jobs should have minimal read permissions

Investigation Details

Data Sources (all from live workflow runs - no fabricated data):

Workflow Runs Analyzed: 15 runs
Time Period: Last 7 days (2025-10-20 to 2025-10-27)
Total Duration: 40.4 minutes
Total Tokens: 2,053,997
Total Cost: $1.64
Run IDs: 18840301682, 18840299097, 18821713918, 18821735224, and 11 others
Logs Location: /tmp/gh-aw/aw-mcp/logs/

References

Investigation triggered by: Daily Firewall Report - 2025-10-27 #2594 (discussion comment)
Log analysis tool: gh aw logs MCP server
Compilation validation: gh aw compile MCP server

Note: This PR modifies only .md workflow files. Lock files (.lock.yml) will be regenerated automatically after merge.

AI generated by Q

[!NOTE]
This was originally intended as a pull request, but the git push operation failed.

Workflow Run: View run details and download patch artifact

The patch file is available as an artifact (aw.patch) in the work...

Fixes [q] Add explicit permissions to 7 workflows #2605

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

pelikhan · 2025-10-27T12:41:35Z

.github/workflows/daily-news.md

    - cron: "0 9 * * 1-5"
  workflow_dispatch:

+permissions:


@copilot needs read-all

Changed to permissions: read-all in b9fcf87

pelikhan · 2025-10-27T12:42:03Z

.github/workflows/smoke-claude.md

    - cron: "0 0,6,12,18 * * *"  # Every 6 hours
  workflow_dispatch:
+permissions:
+  contents: read


@copilot needs pull request read