[PR #146] [MERGED] fix(gh-actions): Workflow does not contain permissions #144

New Issue

GiteaMirror · 2025-11-19T07:15:00-06:00

GiteaMirror commented

2025-11-19 07:15:00 -06:00

📋 Pull Request Information

Original PR: https://github.com/fosrl/newt/pull/146
Author: @marcschaeferger
Created: 9/21/2025
Status: ✅ Merged
Merged: 9/22/2025
Merged by: @oschwartz10612

Base: dev ← Head: github-actions

📝 Commits (1)

aff928e fix(gh-actions): Workflow does not contain permissions

📊 Changes

2 files changed (+6 additions, -0 deletions)

View changed files

📝 .github/workflows/cicd.yml (+3 -0)
📝 .github/workflows/test.yml (+3 -0)

📄 Description

Community Contribution License Agreement

By creating this pull request, I grant the project maintainers an unlimited,
perpetual license to use, modify, and redistribute these contributions under any terms they
choose, including both the AGPLv3 and the Fossorial Commercial license terms. I
represent that I have the right to grant this license for all contributed content.

Description Copilot

This pull request updates the GitHub Actions workflow configuration files to explicitly set permissions for improved security.

Security improvements to workflow permissions:

.github/workflows/cicd.yml: Added a permissions block to restrict workflow access to read-only for repository contents.
.github/workflows/test.yml: Added a permissions block to restrict workflow access to read-only for repository contents.

How to test?

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/fosrl/newt/pull/146 **Author:** [@marcschaeferger](https://github.com/marcschaeferger) **Created:** 9/21/2025 **Status:** ✅ Merged **Merged:** 9/22/2025 **Merged by:** [@oschwartz10612](https://github.com/oschwartz10612) **Base:** `dev` ← **Head:** `github-actions` --- ### 📝 Commits (1) - [`aff928e`](https://github.com/fosrl/newt/commit/aff928e60f973adbd576e0eaacb23183dfafcf38) fix(gh-actions): Workflow does not contain permissions ### 📊 Changes **2 files changed** (+6 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/cicd.yml` (+3 -0) 📝 `.github/workflows/test.yml` (+3 -0) </details> ### 📄 Description ## Community Contribution License Agreement By creating this pull request, I grant the project maintainers an unlimited, perpetual license to use, modify, and redistribute these contributions under any terms they choose, including both the AGPLv3 and the Fossorial Commercial license terms. I represent that I have the right to grant this license for all contributed content. ## Description Copilot This pull request updates the GitHub Actions workflow configuration files to explicitly set permissions for improved security. Security improvements to workflow permissions: * [`.github/workflows/cicd.yml`](diffhunk://#diff-6727e33ccc9195d67f0786e1384f8f1cdaf4090c3e77547943105bd2b28c99d0R3-R5): Added a `permissions` block to restrict workflow access to read-only for repository contents. * [`.github/workflows/test.yml`](diffhunk://#diff-faff1af3d8ff408964a57b2e475f69a6b7c7b71c9978cccc8f471798caac2c88R3-R5): Added a `permissions` block to restrict workflow access to read-only for repository contents. ## How to test? --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2025-11-19 07:15:00 -06:00

GiteaMirror closed this issue

2025-11-19 07:15:00 -06:00

GiteaMirror referenced this issue

2025-11-19 07:15:09 -06:00

[PR #153] [MERGED] Dev #150

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/newt#144