[PR #416] [MERGED] Potential fix for code scanning alert no. 2: Workflow does not contain permissions #498

New issue

Closed

opened 2026-03-03 13:47:47 +03:00 by kerem · 0 comments

kerem commented

2026-03-03 13:47:47 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/gopher64/gopher64/pull/416
Author: @loganmc10
Created: 6/3/2025
Status: ✅ Merged
Merged: 6/3/2025
Merged by: @loganmc10

Base: main ← Head: alert-autofix-2

📝 Commits (1)

9c9ef9c Potential fix for code scanning alert no. 2: Workflow does not contain permissions

📊 Changes

1 file changed (+3 additions, -0 deletions)

View changed files

📝 .github/workflows/lint.yml (+3 -0)

📄 Description

Potential fix for https://github.com/gopher64/gopher64/security/code-scanning/2

To fix the issue, add a permissions block at the root level of the workflow file to explicitly limit the permissions of the GITHUB_TOKEN. Since this workflow only performs linting tasks, it requires minimal permissions. The contents: read permission is sufficient for accessing the repository contents.

The fix involves:

Adding a permissions block at the top level of the workflow file.
Setting contents: read as the only permission required.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/gopher64/gopher64/pull/416 **Author:** [@loganmc10](https://github.com/loganmc10) **Created:** 6/3/2025 **Status:** ✅ Merged **Merged:** 6/3/2025 **Merged by:** [@loganmc10](https://github.com/loganmc10) **Base:** `main` ← **Head:** `alert-autofix-2` --- ### 📝 Commits (1) - [`9c9ef9c`](https://github.com/gopher64/gopher64/commit/9c9ef9cd6b4725e49a4fa853701083f01f9cf8a1) Potential fix for code scanning alert no. 2: Workflow does not contain permissions ### 📊 Changes **1 file changed** (+3 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/lint.yml` (+3 -0) </details> ### 📄 Description Potential fix for [https://github.com/gopher64/gopher64/security/code-scanning/2](https://github.com/gopher64/gopher64/security/code-scanning/2) To fix the issue, add a `permissions` block at the root level of the workflow file to explicitly limit the permissions of the `GITHUB_TOKEN`. Since this workflow only performs linting tasks, it requires minimal permissions. The `contents: read` permission is sufficient for accessing the repository contents. The fix involves: 1. Adding a `permissions` block at the top level of the workflow file. 2. Setting `contents: read` as the only permission required. --- _Suggested fixes powered by Copilot Autofix. Review carefully before merging._ --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>