[PR #415] [CLOSED] Potential fix for code scanning alert no. 1: Workflow does not contain permissions #497

New issue

Closed

opened 2026-03-03 13:47:47 +03:00 by kerem · 0 comments

kerem commented

2026-03-03 13:47:47 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/gopher64/gopher64/pull/415
Author: @loganmc10
Created: 6/3/2025
Status: ❌ Closed

Base: main ← Head: alert-autofix-1

📝 Commits (1)

d26e6a3 Potential fix for code scanning alert no. 1: Workflow does not contain permissions

📊 Changes

1 file changed (+3 additions, -0 deletions)

View changed files

📝 .github/workflows/build.yml (+3 -0)

📄 Description

Potential fix for https://github.com/gopher64/gopher64/security/code-scanning/1

To fix the issue, we need to add a permissions block to the workflow. This block should specify the minimal permissions required for the workflow to function correctly. Based on the actions used in the workflow:

contents: read is sufficient for actions/checkout@v4.
contents: write is required for actions/upload-artifact@v4.

The permissions block can be added at the root level of the workflow to apply to all jobs, or it can be added to each job individually. Since all jobs in this workflow perform similar tasks, adding the block at the root level is more efficient.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/gopher64/gopher64/pull/415 **Author:** [@loganmc10](https://github.com/loganmc10) **Created:** 6/3/2025 **Status:** ❌ Closed **Base:** `main` ← **Head:** `alert-autofix-1` --- ### 📝 Commits (1) - [`d26e6a3`](https://github.com/gopher64/gopher64/commit/d26e6a325ba2dc548c8755438b50a74baf6e3a1c) Potential fix for code scanning alert no. 1: Workflow does not contain permissions ### 📊 Changes **1 file changed** (+3 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/build.yml` (+3 -0) </details> ### 📄 Description Potential fix for [https://github.com/gopher64/gopher64/security/code-scanning/1](https://github.com/gopher64/gopher64/security/code-scanning/1) To fix the issue, we need to add a `permissions` block to the workflow. This block should specify the minimal permissions required for the workflow to function correctly. Based on the actions used in the workflow: - `contents: read` is sufficient for `actions/checkout@v4`. - `contents: write` is required for `actions/upload-artifact@v4`. The `permissions` block can be added at the root level of the workflow to apply to all jobs, or it can be added to each job individually. Since all jobs in this workflow perform similar tasks, adding the block at the root level is more efficient. --- _Suggested fixes powered by Copilot Autofix. Review carefully before merging._ --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>