[PR #413] [MERGED] Potential fix for code scanning alert no. 4: Workflow does not contain permissions #493

Closed
opened 2026-03-03 13:47:46 +03:00 by kerem · 0 comments

📋 Pull Request Information

Original PR: https://github.com/gopher64/gopher64/pull/413
Author: @loganmc10
Created: 6/3/2025
Status: Merged
Merged: 6/3/2025
Merged by: @loganmc10

Base: main ← Head: alert-autofix-4


📝 Commits (1)

  • a4593f5 Potential fix for code scanning alert no. 4: Workflow does not contain permissions

📊 Changes

1 file changed (+2 additions, -0 deletions)

📝 .github/workflows/build.yml (+2 -0)

📄 Description

Potential fix for https://github.com/gopher64/gopher64/security/code-scanning/4

To fix the issue, we will add a permissions block at the workflow level to restrict the GITHUB_TOKEN to contents: read. This is sufficient for the current workflow, as it primarily involves building and uploading artifacts, which do not require write permissions. The permissions block will be added at the top of the workflow, just below the name field, to apply to all jobs in the workflow.


Suggested fixes powered by Copilot Autofix. Review carefully before merging.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
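
A check for the condition the alert describes, as an added example that is not part of the PR or of gopher64's code: it lists the jobs in a workflow file that are covered by neither a workflow-level nor a job-level `permissions` block. It assumes block-style YAML indented with spaces, and the sample workflows are constructed because the page does not show `build.yml`.

```python
import re

KEY = re.compile(r"^( *)([A-Za-z0-9_-]+):")  # block-style "key:" with space indentation

def jobs_without_permissions(workflow_text):
    """Return ids of jobs that neither inherit a workflow-level `permissions`
    block nor declare their own; an empty list means every job is covered."""
    in_jobs, job_indent, key_indent, current = False, None, None, None
    has_block = {}  # job id -> True once a job-level permissions key is seen
    for line in workflow_text.splitlines():
        m = KEY.match(line)
        if not m:
            continue  # blank lines, comments, list items
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            if key == "permissions":
                return []  # workflow-level block applies to all jobs
            in_jobs = key == "jobs"
        elif in_jobs:
            if job_indent is None:
                job_indent = indent  # indentation of the first job id
            if indent == job_indent:
                current, key_indent = key, None
                has_block[current] = False
            elif current is not None:
                if key_indent is None:
                    key_indent = indent  # indentation of this job's own keys
                if indent == key_indent and key == "permissions":
                    has_block[current] = True
    return [job for job, ok in has_block.items() if not ok]

# Constructed samples (assumption: a single build job, as the description suggests).
NO_BLOCK = """\
name: Build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
"""
# The fix from the description: a workflow-level block just below `name`.
WORKFLOW_LEVEL = NO_BLOCK.replace("on: [push]", "permissions:\n  contents: read\non: [push]")
# A second job that scopes its own token; `build` is still uncovered.
JOB_LEVEL = NO_BLOCK + "  package:\n    permissions:\n      contents: read\n    runs-on: ubuntu-latest\n"

if __name__ == "__main__":
    for name in ("NO_BLOCK", "WORKFLOW_LEVEL", "JOB_LEVEL"):
        print(name, jobs_without_permissions(globals()[name]))
```

The check only reports whether a `permissions` key is present, so a block that grants broad write scopes still passes and needs a separate review.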
