[PR #414] [CLOSED] Potential fix for code scanning alert no. 3: Workflow does not contain permissions #496

New issue

Closed

opened 2026-03-03 13:47:46 +03:00 by kerem · 0 comments

kerem commented

2026-03-03 13:47:46 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/gopher64/gopher64/pull/414
Author: @loganmc10
Created: 6/3/2025
Status: ❌ Closed

Base: main ← Head: alert-autofix-3

📝 Commits (1)

3abb31c Potential fix for code scanning alert no. 3: Workflow does not contain permissions

📊 Changes

1 file changed (+3 additions, -0 deletions)

View changed files

📝 .github/workflows/build.yml (+3 -0)

📄 Description

Potential fix for https://github.com/gopher64/gopher64/security/code-scanning/3

To fix the issue, we need to add a permissions block to the workflow. This block should specify the least privileges required for the workflow to function. Based on the actions used in the workflow, the minimal permissions required are contents: read. This will ensure that the workflow can interact with the repository contents without granting unnecessary write access.

The permissions block can be added at the root level of the workflow to apply to all jobs, or it can be added to each job individually. In this case, adding it at the root level is sufficient and simplifies the configuration.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/gopher64/gopher64/pull/414 **Author:** [@loganmc10](https://github.com/loganmc10) **Created:** 6/3/2025 **Status:** ❌ Closed **Base:** `main` ← **Head:** `alert-autofix-3` --- ### 📝 Commits (1) - [`3abb31c`](https://github.com/gopher64/gopher64/commit/3abb31c923266f5dbe93a04199df7619a122d496) Potential fix for code scanning alert no. 3: Workflow does not contain permissions ### 📊 Changes **1 file changed** (+3 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/build.yml` (+3 -0) </details> ### 📄 Description Potential fix for [https://github.com/gopher64/gopher64/security/code-scanning/3](https://github.com/gopher64/gopher64/security/code-scanning/3) To fix the issue, we need to add a `permissions` block to the workflow. This block should specify the least privileges required for the workflow to function. Based on the actions used in the workflow, the minimal permissions required are `contents: read`. This will ensure that the workflow can interact with the repository contents without granting unnecessary write access. The `permissions` block can be added at the root level of the workflow to apply to all jobs, or it can be added to each job individually. In this case, adding it at the root level is sufficient and simplifies the configuration. --- _Suggested fixes powered by Copilot Autofix. Review carefully before merging._ --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>