Skip to content

Add missing permissions to workflow files#655

Merged
torosent merged 2 commits intomainfrom
copilot/fix-workflow-permissions
Mar 2, 2026
Merged

Add missing permissions to workflow files#655
torosent merged 2 commits intomainfrom
copilot/fix-workflow-permissions

Conversation

Copy link
Contributor

Copilot AI commented Mar 2, 2026
edited
Loading

Workflows validate-build.yml and azure-functions-smoke-tests.yml lack explicit permissions declarations, defaulting to overly broad token scopes.

  • Added permissions: contents: read to both workflows, which is the minimum required for checkout + build + upload-artifact
  • codeQL.yml already declares permissions at the job level and is unchanged

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@torosent
Add permissions to workflow files missing them
e784c48 
Co-authored-by: torosent <17064840+torosent@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix workflow does not contain permissions Add missing permissions to workflow files Mar 2, 2026
@torosent torosent marked this pull request as ready for review March 2, 2026 04:03
Copilot AI review requested due to automatic review settings March 2, 2026 04:03
Copilot AI reviewed Mar 2, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR tightens GitHub Actions security by explicitly scoping GITHUB_TOKEN permissions for workflows that previously relied on the default (potentially broader) permissions.

Changes:

  • Added top-level permissions: contents: read to validate-build.yml.
  • Added top-level permissions: contents: read to azure-functions-smoke-tests.yml.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
.github/workflows/validate-build.yml Adds explicit minimal GITHUB_TOKEN permissions for the build/test/pack workflow.
.github/workflows/azure-functions-smoke-tests.yml Adds explicit minimal GITHUB_TOKEN permissions for the Azure Functions smoke test workflow.

@torosent torosent merged commit 4aa66da into main Mar 2, 2026
12 checks passed
@torosent torosent deleted the copilot/fix-workflow-permissions branch March 2, 2026 18:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@nytian nytian nytian approved these changes

+1 more reviewer

@torosent torosent torosent approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@torosent torosent

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@torosent @nytian