Skip to content

Restrict GitHub workflow token permissions to least privilege#8

Merged
hbelmiro merged 1 commit into
mainfrom
copilot/fix-github-workflow-tokens-permissions
Apr 17, 2026
Merged

Restrict GitHub workflow token permissions to least privilege#8
hbelmiro merged 1 commit into
mainfrom
copilot/fix-github-workflow-tokens-permissions

Conversation

Copilot AI commented Apr 17, 2026

Copy link
Copy Markdown
Contributor

The test.yml workflow had no explicit permissions block, defaulting the GITHUB_TOKEN to broad read-write access across all scopes.

  • Added top-level permissions: contents: read — the only scope needed for checkout and brew operations. All other scopes default to none.

@hbelmiro hbelmiro marked this pull request as ready for review April 17, 2026 17:34
@hbelmiro hbelmiro merged commit 961595f into main Apr 17, 2026
2 checks passed
@hbelmiro hbelmiro deleted the copilot/fix-github-workflow-tokens-permissions branch April 17, 2026 17:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants