
ci: declare workflow-level contents: read on maven, pr-checks, version-increments #3322

Open
arpitjain099 wants to merge 1 commit into eclipse-platform:master from arpitjain099:chore/declare-workflow-perms


@arpitjain099

Adds workflow-level permissions: contents: read to three workflows that just run build / checks: maven, pr-checks, version-increments. No GitHub API writes.

Same post-CVE-2025-30066 (tj-actions/changed-files) hardening pattern. YAML validated locally.

…n-increments

Three workflows that just run build/checks. No GitHub API writes from the workflows. contents: read at workflow level is appropriate.

Post-CVE-2025-30066 hardening pattern. yaml.safe_load validated.

Signed-off-by: Arpit Jain <arpitjain099@gmail.com>
arpitjain099 force-pushed the chore/declare-workflow-perms branch from 97786d7 to a97ce40 on May 26, 2026 06:32
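
An added example, not part of this pull request or the eclipse-platform code: a small Python check that reports whether a workflow file declares workflow-level `permissions`, the setting this change adds to maven, pr-checks and version-increments. The sample workflows are constructed, the function names are hypothetical, and it uses a line-based scan of top-level keys rather than a YAML parser.

```python
import re

# Constructed sample workflows; these are not the eclipse-platform files.
JOBS = "jobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n      - run: mvn -B verify\n"
UNDECLARED = "on: [pull_request]\n" + JOBS
HARDENED = "on: [pull_request]\npermissions:\n  contents: read  # workflow level\n" + JOBS
WRITER = "on: [push]\npermissions:\n  contents: write\n" + JOBS
# Job-level block only: nothing is declared at workflow level.
JOB_ONLY = ("on: [pull_request]\njobs:\n  build:\n    permissions:\n"
            "      contents: read\n    runs-on: ubuntu-latest\n")


def workflow_permissions(text):
    """Return workflow-level permissions: dict of scopes, scalar string, or None."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        # Anchored at column 0, so indented (job-level) keys never match.
        m = re.match(r"permissions:\s*(.*?)\s*(#.*)?$", line)
        if not m:
            continue
        if m.group(1):  # scalar form such as read-all, write-all or {}
            return m.group(1)
        scopes = {}
        for sub in lines[i + 1:]:
            if not sub.strip() or sub.lstrip().startswith("#"):
                continue
            if not sub.startswith((" ", "\t")):
                break  # next top-level key ends the mapping
            key, _, value = sub.strip().partition(":")
            scopes[key.strip()] = value.split("#")[0].strip()
        return scopes
    return None


def audit(text):
    """Classify a workflow as 'undeclared', 'grants-write' or 'restricted'."""
    perms = workflow_permissions(text)
    if perms is None:
        return "undeclared"  # GITHUB_TOKEN falls back to the repo/org default
    if perms == "write-all":
        return "grants-write"
    if isinstance(perms, dict) and "write" in perms.values():
        return "grants-write"
    return "restricted"


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # e.g. .github/workflows/*.yml
        with open(path, encoding="utf-8") as fh:
            print(f"{path}: {audit(fh.read())}")
```

A workflow reported as `undeclared` may still be safe if every job sets its own `permissions`, so treat that result as a prompt to inspect the file rather than a finding.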